Wisconsin Does Not Have Appropriate Security Breach Laws

May 24, 2019

The Wisconsin Department of Agriculture, Trade and Consumer Protection says Wisconsin’s laws regulating how companies respond to data stolen by hackers are lagging behind other states, according to a news report.

According to the Legislative Reference Bureau report, Wisconsin’s data breach laws are unclear on whether companies that don’t report can face lawsuits for negligence. According to the statute, "failure to comply with this section is not negligence or a breach of any duty, but may be evidence of negligence or a breach of a legal duty."

Findings in a Data Breaches: Risk, Recovery, and Regulation report prepared for the Wisconsin Policy Project earlier this year include:

A few of the largest data breaches that took place in 2018:

Facebook exposed at least 87 million profile records, including demographic, personality, social, and site/app engagement information.
Fitness and nutrition site MyFitnessPal exposed 150 million user records including usernames, email addresses and encrypted passwords.
Saks Fifth Avenue and Lord & Taylor exposed more than 5 million payment cards.
UnityPoint Health exposed 1.4 million patients’ demographic, medical, and insurance
information, and possibly payment card and social security information as well.

A list of diverse and separate regulations cover individual areas of data privacy, such as:

The Health Insurance Portability and Accountability Act (HIPAA) regulates medical information, the process of applying to healthcare providers, insurers, pharmacies, and more.
The Fair Credit Reporting Act regulates the collection and disclosure of information such as credit history, credit capacity, character, and general reputation by consumer reporting agencies.
2018 U.S. S. 2155 (became Federal Public Law 115-174) amends the Fair Credit Reporting Act (15 U.S.C. 1681c–1) to extend credit freezes from 90 days to one year in duration and requires that consumer reporting agencies freeze consumers’ credit free of charge and in a timely manner.
The Federal Trade Commission Act prohibits unfair or deceptive practices toward consumers, including online privacy and data security issues such as failures to comply with posted privacy policies and unauthorized disclosures of PII.
The Financial Services Modernization Act regulates the use of consumers’ financial information, including the disclosure of financial and related PII.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Wisconsin Does Not Have Appropriate Security Breach Laws

Related Articles

Related Events

Report Abusive Comment