Wisconsin State Security Breach Laws 

Effective Date: March 31, 2006

Definition of Personal Information: An individual’s last name and the individual’s first name or first initial, in combination with and linked to any of the following elements, if the element is not publicly available information and is not encrypted, redacted, or altered in a manner that renders the element unreadable:

(a) The individual’s social security number;
(b) The individual’s driver's license number or state identification number;
(c) The number of the individual’s financial account number, including a credit or debit card account number, or any security code, access code, or password that would permit access to the individual’s financial account.
(d) The individual’s deoxyribonucleic acid profile, as defined in s. 939.74 (2d) (a).
(e) The individual’s unique biometric data, including fingerprint, voice print, retina or iris image, or any other unique physical representation.

Summary: If an entity whose principal place of business is located in this state or an entity that maintains or licenses personal information in this state knows that personal information in the entity’s possession has been acquired by a person whom the entity has not authorized to acquire the personal information, the entity shall make reasonable efforts to notify each subject of the personal information. The notice shall indicate that the entity knows of the unauthorized acquisition of personal information pertaining to the subject of the personal information.