Ready Or Not: New Wisconsin Cybersecurity Law—Act 73—Imposes Cybersecurity Requirements On Insurance Providers

SmithAmundsen LLC
Contact

SmithAmundsen LLC

In reaction to the continued uptick in high profile data incidents, yesterday, Wisconsin Governor Evers signed into law Act 73, a law establishing cybersecurity requirements for the insurance industry’s protection of data collected. With a stroke of a pen, Wisconsin joins the growing number of states imposing cybersecurity regulations on insurance providers.

Insurance Commissioner Mark Afable explained that these new protections “will help protect personal data and keep Wisconsin Insurance companies secure.” This continued wave of cyber-hygiene requirements is no surprise. Years ago, the National Association of Insurance Commissioners (the NAIC) created its model rule in the hopes that all 50 states would have laws similar to Wisconsin Act 73 in place.

Wisconsin’s new law protects “nonpublic information” collected and processed by insurers. In order to comply, insurers are required to complete a risk assessment and utilize the results to tailor and create an information security program. Additionally, licensees must implement a comprehensive incident response plan, in the event of a cybersecurity event, and map out how they will provide notice in a timely fashion to those consumers affected. The law also requires licensees to exercise appropriate diligence in selecting their third-party service providers.

Licensees have a year to conduct a risk assessment and to address the vulnerabilities and risks identified. There are also exceptions to the application of this new law. However, threat actors remain on the offensive everyday so time is of the essence. Plus, the law empowers the Office of the Commissioner of Insurance to examine and investigate the affairs of a licensee to determine violations of the requirements. Therefore, it remains a best practice for all insurance providers to take these steps and remain committed to protecting the personal information of consumers.

Now is the time for insurance companies to implement or assess their cybersecurity plans and review their compliance checklists, to get in line.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© SmithAmundsen LLC | Attorney Advertising

Written by:

SmithAmundsen LLC
Contact
more
less

SmithAmundsen LLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.