It seems like every other headline in the news these days is broadcasting a new phishing scheme or revealing the latest data breaches. Each report adds another layer of concern, leaving both individuals and organizations feeling exposed and helpless in the face of evolving cyber threats. However, as a business owner, you hold a critical responsibility to fortify your organization against these pervasive attacks. In this article, we’ll shed light on the essential data protection laws relevant to Wisconsin, so you can stay protected.
Backed by over two decades of experience, Ontech Systems, Inc. specializes in tailored IT and cybersecurity solutions for Eastern WI businesses. With over 20 years in the business and a 98% customer retention rate, we’re here to share invaluable insights into safeguarding your business, employees, and customers’ sensitive information.
To best understand data protection laws, we must first define what a data breach is and how to know if sensitive information has been compromised.
What is a Data Breach?
A data breach occurs when a source of information is accessed or released without authorization. This data includes personally identifiable information (PII) which consists of any details tied to an individual’s identity.
How Do Data Breaches Happen?
A breach in your system’s data can happen as simply and as quickly as someone clicking a phishing link. But they can also happen over the phone. Attackers are continually refining their tactics, leveraging sophisticated tools such as artificial intelligence to orchestrate scam calls. Through these deceptive tactics, they aim to procure voice recordings to fabricate false approvals, extract sensitive password and security details, and ultimately pilfer data and identities for malicious purposes.
Your business is especially vulnerable to a breach if you handle and store any sort of customer data such as credit card numbers, home addresses, phone numbers, emails addresses, account passwords, health information, social security numbers, and more.
What Classifies Information as PII?
In the state of Wisconsin, personally identifiable information (PII) is classified as an individuals first name or initial and last name in combination with one or more of the following:
- Financial account number, credit/debit card number including the security code
- Driver’s license number or state identification number
- Social security number
- DNA profile
- Any distinctive biometric data like a fingerprint, voice print, retina or iris image, or any other unique physical representation of an individual
What Can I Do to Safeguard My Business?
Cyber Liability Insurance is an essential investment to provide security to your business should a breach ever occur. Much like you protect your personal assets from potential threats and vulnerabilities, your business poses many high-level risks that are just too sensitive and important to ignore.
Businesses that collect PII should invest in cyber liability insurance to protect their business in the event of an unfortunate data breach.
Ontech Systems, Inc. partners with Vizance to provide a comprehensive cyber liability insurance product for businesses. Check out our recent webinar about the ins and outs of cyber liability insurance!
What are Wisconsin’s Laws and Requirements for Data Breaches?
Now that you know what a data breach is and all the details of what an attacker would be looking for and how they might go about gaining access to this information, let’s unpack Wisconsin’s Laws and notification practices for data breaches.
In the state of Wisconsin, businesses that experience a data breach must notify their customers within a 45-day window. If the total number of customers impacted by the breach is 1,000 or more, further action must be taken on behalf of the business to notify the nationwide consumer reporting agencies.
The method a business uses to notify the individuals of the data breach can be by mail or any method the business has used previously to contact the resident, including but not limited to phone calls, texts, and emails. The goal is to notify the customer in a way that is reasonably likely to reach the individual. Substitute methods may be considered if there is insufficient contact information available to the business.
Wisconsin businesses that experience a data breach and are required to notify their customers must include specific language about the breach and their knowledge and actions. The messaging to the individual should indicate that the business is aware of an unauthorized acquisition of their personal information and, if requested, what information was acquired. Notices should also include the date of the breach, what happened – to the best of the business’s knowledge, and information on how to contact the business and any credit monitoring services.
Businesses with breaches that include credit card information should also report to the credit reporting agencies and include similar information.
If the breach occurs within a healthcare organization, these reports and notices are handled and regulated at a federal level. Under HIPPA laws, individuals must be notified via first-class mail or by email if electronic communication has been approved. The federal regulation for healthcare businesses executing notification is within 60 days of discovering the breach. However, it is important to note that any healthcare organization conducting business within the state of Wisconsin must comply with the state laws of a 45-day notice window.
How Can My Business Recover from a Breach?
Outlining a Disaster Recovery plan for your business is the first step to helping you understand how you can move swiftly and confidently through any cybersecurity scenario, should it occur.
Ontech Systems, Inc. offers Managed IT service as well as Cybersecurity, Employee Training, Cyber Liability Insurance, and more to help protect your business, mitigate risk, and support you through any unfortunate data breach events.
We also offer a free Network Discovery call to help you identify weaknesses in your IT and cybersecurity infrastructure and share actionable steps you can take to protect your business. Ready to take the next step? Book your call today!
Legal Reference Source: Wisconsin – Lewis Brisbois Bisgaard & Smith LLP, Wisconsin Enacts Insurance Data Security Law Requiring Notification of Cybersecurity Incidents to Insurance Commissioner Within Three Business Days | Troutman Pepper – JDSupra
