Exterro's Legal GRC Breakdown

Get your daily dose of news, best practices, and technology from Exterro's e-discovery, privacy, and digital forensics experts here.


Wisconsin Proposed Data Privacy Law

Created on June 22, 2020

Demand Generation Manager, Exterro

Why This Privacy Law is Important: The Wisconsin Data Privacy Act is three separate bills that together would give consumers more control over their personal data, and would strengthen Wisconsin’s data security and breach notification requirements.

Need to Know Information:

Who it Applies To: The three bills define a “Consumer” as an individual who is a resident of the state of Wisconsin. The “Controller” is the company who is responsible for the consumer’s data. It excludes law enforcement, and federal, state, and local government individuals.

What is Covered: The bills allow consumers to request reports explaining: what data a controller is collecting on the individual, when the company is collecting it, how the company is using it, who the company is giving the personal data (“data”) to; and how long the company will retain the data.

How to Comply: The report must be provided for free within one month (with a possible extension to three months) in electronic format, unless otherwise requested. Companies are required to notify the Wisconsin Department of Justice (DOJ) within 30 days if they become aware of a data breach. If the breach exposed consumer’s personal data, the company must notify the consumers whose personal data is involved in the breach.

Potential Penalties: Companies who intentionally violate the data breach requirements are subject to a fine of $10 million or up to 2 percent of total annual revenue, whichever is greater. Companies who intentionally violate the bill’s requirements related to providing copies of consumer’s personal data, may be fined $20 million or up to 4 percent of total annual revenue, whichever is greater.