Wisconsin regulators have spelled out rules for insurers, benefit plan administrators and other organizations that learn of unauthorized access to state residents’ personal information.
Organizations affected by the rules, which are spelled out in a bulletin issued Monday, should notify the Wisconsin insurance commissioner’s office of an unauthorized access as soon as possible and no later than 10 days after learning of the unauthorized access, Wisconsin Insurance Commissioner Jorge Gomez writes in the bulletin.
In Wisconsin, covered “personal information” includes a combination of an individual’s last name and first name, or last name and first initial, along with any of the following information given in an unencrypted form:
- The individual’s Social Security number.
- The individual’s driver’s license number or state identification number.