F E AT U R E
Insurance Data Security Requirements – 2021 Wisconsin Act 73 By Natalie White, Communications Director
A cybersecurity event is defined in the law as “an event resulting in the unauthorized access to, or disruption or misuse of, an information system or the nonpublic information stored on an information system.” Legislation discussed in this and other PIAW publications many times over the past couple of years has now been passed and signed into law. With cyber threats continuing to grow, Wisconsin Act 73 is an important measure for the insurance industry in Wisconsin to ensure that state cybersecurity measures are enacted and that the federal government is not inclined to supersede state regulation in that regard. The provisions included in 2021 Wisconsin Act 73 go into effect on November 1st, unless a separate effective date is listed. Some of the major components of the Act are summarized below: Investigation Following a Cyber Breach In the event that a licensee learns that a cybersecurity event
has occurred, there must be an internal investigation into the event’s nature and scope, what nonpublic information may be concerned, and what practical measures are being taken to ensure that the system has once again been secured. A cybersecurity event is defined in the law as “an event resulting in the unauthorized access to, or disruption or misuse of, an information system or the nonpublic information stored on an information system.” Additionally, if an event occurs, the records related to it must be maintained for five years and shared with the Office of the Commissioner of Insurance if requested. Notification Requirements If a cybersecurity event occurs and there is the belief that the breach may cause harm to consumers, licensees must notify the Office of the Commissioner of Insurance (OCI) as soon
NOVEMBER/DECEMER 2021 [ 28 ]
