“The Act establishes investigation procedures, data security program standards, and notification requirements for anyone licensed by Wisconsin’s Office of the Commissioner of Insurance (licensees), including insurers and agents. Exempt from compliance are licensees with fewer than 50 employees, less than $10 million in total year-end assets, or less than $5 million in gross annual revenue.”
It requires those covered to develop and implement a security program to protect their IT systems and non-public information. Requirements include reporting and notification requirements.
A similar law was passed in Iowa and Maine earlier this year.
All were based on the National Association of Insurance Commissioner’s (NAIC) model cybersecurity law — see more here.