In order to better serve Wisconsin insurance consumers, the Office requests that all Wisconsin-licensed insurers, gift annuities, warranty plans, motor clubs and employee benefit plan administrators notify the Office of any unauthorized access to personal information of Wisconsin residents as soon as practicable, but no later than 10 days after it has become aware of such unauthorized access. For the purposes of this request the Office defines "personal information" as defined by s. 895.507 (1) (b), Stats., as follows:
An individual's last name and the individual's first name or first initial, in combination with and linked to any of the following elements, if the element is not publicly available information and is not encrypted, redacted, or altered in a manner that renders the element unreadable:
- The individual's social security number.
- The individual's driver's license number or state identification number.
- The number of the individual's financial account number, including a credit or debit card account number, or any security code, access code, or password that would permit access to the individual's financial account.
- The individual's deoxyribonucleic acid profile, as defined in s. 939.74 (2d) (a).
- The individual's unique biometric data, including fingerprint, voice print, retina or iris image, or any other unique physical representation.
The requirements in this bulletin have been replaced by Act 73. Any questions and all notifications of unauthorized access to nonpublic information should be emailed to
OCICyberReport@wisconsin.gov.