Mandated Timeframe for Breach Reporting and/or Consumer Notification

Within 45 days
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Vendor Specific Obligations
  • Vendor Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

May be evidence of negligence/breach of legal duty

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Vendor Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • If notification is required to more than 1,000 individuals, it must also be reported, without unreasonable delay, but within 45 days, to the consumer reporting agencies with specific information.
  • Any party to a data breach that results in a violation may be charged with and convicted of the violation although he or she did not directly commit it and even if the person who directly committed it has not been convicted of the violation.
  • Statute directly denotes that entities not located in Wisconsin but having Wisconsin residents’ personal information are subject to Wisconsin breach and notification laws.
  • If a vendor is breached, they must report it to the data owner. The data owner will be responsible for consumer notification and regulatory reporting.
  • If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
  • Wisc. Stat. § 134.97 Disposal of records containing personal information
  • Wisc. Stat. § 134.98 Notice of unauthorized acquisition of personal information
  • Wisc. Stat. § 134.99 Parties to a violation
  • Wisc. Stat. § 134.74 Nondisclosure of information on receipts
BAck to map