Mandated Timeframe for Breach Reporting and/or Consumer Notification
Within 45 days
Laws related specifically to personal information
Breach Reporting & Consumer Notification
Protect personal information
Written Program for Protection/Security
Third Party: Specific Obligations
Third Party: Mandated Contracts
Requests for Information
Fines & Penalties
Violations of Breach and Notification Laws Noncompliance may be evidence of negligence
Third Party Management
None to minimal
If notification is required to more than 1,000 individuals, it must also be reported, without unreasonable delay, but within 45 days, to the consumer reporting agencies with specific information.
Any party to a data breach that results in a violation may be charged with and convicted of the violation although he or she did not directly commit it and even if the person who directly committed it has not been convicted of the violation.
Statute directly denotes that entities not located in Wisconsin but having Wisconsin residents’ personal information are subject to Wisconsin breach and notification laws.
If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
Wisc. Stat. § 134.97 Disposal of records containing personal information
Wisc. Stat. § 134.98 Notice of unauthorized acquisition of personal information
Wisc. Stat. § 134.99 Parties to a violation
Wisc. Stat. § 134.74 Nondisclosure of information on receipts