Wisconsin
Privacy Laws
Overview
BREACH NOTIFICATION – Mandated Timeframe
Within 45 days
FINES & PENALTIES – Violations
May be evidence of negligence
Regulation Levels
-
Breach Reporting
-
Consumer Notification
-
Vendor Management
-
Vendor Contract Required
PRIVACY AND SECURITY LAWS
Laws related to personal information and privacy and security.
Breach Reporting
Required
Vendor Obligations
Required
Consumer Notification
Required
Vendor Contracts
Not Required
Vendor Notification
Required
Privacy Program
Required
QUICK FACTS
Wisconsin Privacy Law Information
If notification is required to more than 1,000 individuals, it must also be reported, without unreasonable delay, but within 45 days, to the consumer reporting agencies with specific information. Entities whose principal place of business is not located in Wisconsin and handles Wisconsin residents’ personal information are subject to Wisconsin’s breach notification law.
If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
A vendor discovering a breach or suspected breach must notify the organization. The organization is responsible for reporting to regulator and consumer notification.
Wisconsin passed the Insurance Data Security Law, which includes requirements for insurance licensees to protect personal information and investigate and respond to data breaches. Effective November 1, 2021, licensees must comply with the breach notification requirements, including Commissioner notification within 3 business days.
Failure to give notice as required may be evidence of negligence or a breach of a legal duty to comply. Organizations may be fined or penalized for Vendor violations. Any party to a data breach that results in a violation may be charged with and convicted of the violation although he or she did not directly commit it and even if the person who directly committed it has not been convicted of the violation.
Wisconsin Statutes and Laws
Nondisclosure of information on receipts
Disposal of records containing personal information
Notice of unauthorized acquisition of personal information
Parties to a violation
Insurance Data Security
DISCLAIMER
The information provided is not legal guidance or recommendations and are for informational purposes only.