Wisconsin Now Has a New Insurance Cybersecurity Law

Wisconsin’s governor signed into law legislation creating new cybersecurity requirements for protecting data collected by the insurance industry.

Gov. Tony Evers signed Act 73, which is based on model legislation developed by the NAIC incorporating input from all participating state insurance commissioners, industry stakeholders and consumer representatives.

Insurance Commissioner Mark Afable said in a statement that the protections in the “Act will help protect personal data and keep Wisconsin insurance companies secure.”

With some exceptions, the law requires entities licensed with OCI, including insurers and agents, to develop an information security program that protects its systems and data. Within one year, they must also conduct a risk assessment and address any areas that put their consumer’s data or their IT systems at risk.

The law requires insurers to develop an incident response plan and provide timely notices to consumers affected by a data breach.