Illinois Governor Bruce Rauner vetoed a data breach notification bill amendment Aug. 21 that would have extended protection to include medical, health insurance, biometric, consumer marketing and geolocation information.

Adding consumer marketing and geolocation information to the mix is a “significant departure from the data protection laws of other states,” Rauner said in a letter to the Illinois General Assembly.  

The unauthorized release of that information “does not pose the same risk of identity theft that justifies the extraordinary and costly security and notice requirements imposed by the Personal Information Protection Act,” he contended.

Rauner recommended the time requirement to notify the Attorney General be lengthened from 30 days to 45 days. He also criticized the amendment's mandate for "any operator of any website" to post their privacy policies as an “increase the cost of compliance without adding value to consumers.”