Yesterday, Governor Tony Evers signed Act 73 into law creating new cybersecurity requirements for protecting data collected by the insurance industry.
“From ransomware to data breaches, insurers and consumers are at an increasing risk of experiencing a serious cybersecurity incident,” said Insurance Commissioner Mark Afable. “The new consumer protections in this Act will help protect personal data and keep Wisconsin insurance companies secure.”
Act 73 was derived from model legislation developed by the National Association of Insurance Commissioners (NAIC) incorporating input from all participating state insurance commissioners, industry stakeholders, and consumer representatives. Wisconsin’s Office of the Commissioner of Insurance (OCI) worked under the administrations of both Governor Evers and former Governor Walker to develop a version of this model law that would best serve Wisconsinites.
With some exceptions, this law will require anybody licensed with OCI to develop an information security program that protects its systems and data. Within one year, they must also conduct a risk assessment and address any areas that put their consumer’s data or their IT systems at risk. The law also requires insurers to develop an incident response plan and provide notice in a timely manner to consumers affected by a data breach.
“As we become even more dependent on technology, Wisconsin insurers are committed to protecting our customer’s personal information,” said Connie O’Connell, Executive Director of the Wisconsin Council of Life Insurers. “Our agents and companies recognize the serious threat of potential cyberattacks and strongly support adopting these critical protections.”