Wisconsin regulators have spelled out rules for insurers, benefit plan administrators and other organizations that learn of unauthorized access to state residents’ personal information.
Organizations affected by the rules, which are spelled out in a bulletin issued Monday, should notify the Wisconsin insurance commissioner’s office of an unauthorized access as soon as possible and no later than 10 days after learning of the unauthorized access, Wisconsin Insurance Commissioner Jorge Gomez writes in the bulletin.
In Wisconsin, covered “personal information” includes a combination of an individual’s last name and first name, or last name and first initial, along with any of the following information given in an unencrypted form:
- The individual’s Social Security number.
- The individual’s driver’s license number or state identification number.
- The number of the individual’s financial account number, including a credit or debit card account number, or any security code, access code, or password that would permit access to the individual’s financial account.
- The individual’s deoxyribonucleic acid profile.
- The individual’s unique biometric data, including fingerprint, voice print, retina or iris image, or any other unique physical representation.
A copy of the Wisconsin bulletin is on the Web at Document Link