When Gov. Bruce Rauner was running for office, he talked a lot about his support for Illinois small businesses. He even used his inaugural address to describe how the state’s economic turnaround could begin with local businesses right here in Illinois.
In the coming weeks, Rauner will have a golden opportunity to make a meaningful effect in support of Prairie State small businesses. He should seize that chance and issue an amendatory veto of Senate Bill 1833.
Why? Because this proposed legislation expands the definition of data breaches to include ordinary sales and marketing information that threatens no one’s safety or security. In fact, it is so off the mark, not a single other state in the country would or has adopted a similarly overreaching measure – not even California. Illinois would be the outlier in erecting such a crushing barrier to small businesses seeking to expand online.
As we’ve seen, with more and more businesses going online, thieves are no longer only those who wear black clothing and sneak into a building under the cover of darkness. Valuable proprietary and financial information is increasingly stored electronically. Criminals are capable of hacking through the best online defenses to grab everything from credit card
numbers to what kind of toppings you like on your pizza.
Attorney General Lisa Madigan and some members of the Illinois Legislature, however, are seeking to treat physical thefts differently than online thefts. Whereas in the physical world, the focus is on apprehending the perpetrators and aiding the victims. In an online data breach, the focus seems to be on further punishing the victims.
We all can agree with Madigan, who said in support of the bill: “Identity theft is an enormous problem. It’s sometimes very difficult to identify, very difficult to clean up, and it can have an enormous impact on somebody’s ability to function in our world.”
In an attempt to address the real problem of data breaches, however, this bill treats the breach of health care data from my health insurance company the same as a breach that reveals the last time I ordered a pie at my local pizzeria. The bill levies excessive and burdensome requirements on Illinois small businesses, uniquely forcing them to spend thousands of unnecessary dollars on legal fees to write privacy policies that are customized for Illinois just for the privilege of doing business over the Internet.
Perplexingly, the law would treat an order collected through a website differently from an order taken in person or over the phone and then stored in the same database.
These policies will not make consumers safer. They instead will make it more difficult for small businesses in Illinois to be created, to grow or to prosper.
We need laws that proactively prevent data breaches and strike at the criminal entities that
perpetrate them, not laws that impose penalties on the small businesses that are the backbone of our economy.
Rauner has an opportunity before him to correct the overreaching aspects of this bill by keeping its focus on actual threats to the consumer public rather than concocting
nationally unprecedented barriers. He has a chance to provide clarity and focus so that law
enforcement has the ability to protect victims and find and apprehend criminals.
Whether I put cream or sugar in my coffee is not the same as having my credit card number stolen.
Over the past 30 years, traditional crime numbers have plummeted because law enforcement
dedicates its resources to protecting victims and prosecuting criminals. The online world should be no different.
• Carl Szabo is policy counsel for NetChoice, a trade association of eCommerce businesses and online consumers, all of whom share the goal of promoting convenience, choice and commerce on the Internet.