800.668.7020
M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.

Wisconsin Data Breach Laws: Reporting a Breach to Users

Wisconsin's data breach laws apply to any company doing business in the state, lending money to a resident, licensing protected information, or maintaining a deposit account in the state. Businesses are required to inform their customers within 45 days of the breach. If a breach affects more than 1,000 residents, the business must report it to a consumer reporting agency.

Name of Law / Statute

N/A

Definition of Protected Information

Combination of (1) name or other identifying info, PLUS (2) one or more of these "data" elements: SSN; driver's license number; or account number, credit card number, debit card number if accompanied by PIN, password, or access codes, PLUS unique biometric data, including DNA

Who Is Subject to Law?

All entities that (1) do business in WI, (2) license PI, (3) maintain a deposit acct for a resident, or (4) lend money to a resident

Notification of Consumers?

Yes, but only if breaches "materially compromise the security, confidentiality, or integrity of" PI; must be within 45 days of discovery of breach

By what means?

Written or previously used form of contact; if >1,000 residents, must notify consumer reporting agencies

Substitute Notice Threshold?

When mailing address and other contact info unknown or unascertainable

Notification of authorities / regulators required?

No

By what means?

N/A

Regulatory Fines

N/A

Credit monitoring requirement?

No

Private lawsuits allowed?

N/A

Private damages cap?

N/A

Regulatory actions allowed?

N/A

HIPAA Compliance exemption?

N/A

Other  (e.g., timeframe)

Law does not apply if PI was encrypted (unless encryption was compromised) or redacted or otherwise secured

Link to complete law

Wisconsin's data breach law

Read the full text of Wisconsin’s data breach law.

70% of businesses raise prices or cut hiring when sued