601.95 Definitions. In this subchapter: (1) “Authorized individual” means an individual who is known to and screened by a licensee and whose access to the licensee’s information system or nonpublic information is determined by the licensee to be necessary and appropriate. (2) “Consumer” means an individual who is a resident of this state and whose […]
601.951 General provisions. (1) Exclusive state standards. This subchapter establishes the exclusive state standards applicable to licensees for data security, the investigation of a cybersecurity event, and notification of a cybersecurity event or unauthorized access to nonpublic information to the state government and consumers. (2) Exceptions to applicability. (a) This subchapter does not apply to […]
601.952 Information security program. (1) Implementation of program. No later than November 1, 2022, a licensee shall develop, implement, and maintain a comprehensive written information security program based on the licensee’s risk assessment under sub. (2) and consistent with the conditions of sub. (3) (a). The program shall contain administrative, technical, and physical safeguards for […]
601.953 Investigation of cybersecurity event. (1) If a licensee learns that a cybersecurity event involving the licensee’s information systems or nonpublic information has or may have occurred, the licensee, or an outside vendor or service provider designated to act on behalf of the licensee, shall conduct a prompt investigation that, at a minimum, includes all […]
601.954 Notification of a cybersecurity event. (1) Notification to the commissioner. (a) A licensee shall notify the commissioner that a cybersecurity event involving nonpublic information has occurred if any of the following conditions is met: 1. The licensee is domiciled in this state and the cybersecurity event has a reasonable likelihood of materially harming a […]
601.955 Confidentiality. (1) All of the following apply to documents, materials, and other information in the possession or control of the commissioner that are obtained by, created by, or disclosed to the commissioner or any other person under this subchapter: (a) The documents, materials, and other information are considered proprietary and contain trade secrets. (b) […]
601.956 Enforcement. The commissioner shall have the power to examine and investigate the affairs of any licensee to determine whether the licensee has engaged in conduct in violation of this subchapter and to take action that is necessary or appropriate to enforce the provisions of this subchapter. This power is in addition to the powers […]
