Wisconsin Act 73 Insurance Data Security

Wisconsin’s new cybersecurity law (Act73 – Insurance Data Security) was signed by Governor Tony Evers on July 15, 2021, and can be found in Wisconsin Statutes Subchapter IX of Chapter 601. Act73 – Insurance Data Security is aimed at protecting consumers from increasing risks of cybersecurity threats such as ransomware and data breaches from their insurers and their affiliate agencies. Threat actors remain on the offensive everyday so time is of the essence. Wisconsin insurers should immediately take steps to familiarize themselves with the new legislation and take immediate action to become compliant.

In order to comply, licensees have one year (Deadline of November 1, 2022) to conduct a risk assessment, address the vulnerabilities and risks identified, and create an information security program tailored to their business. Additionally, licensees must implement a comprehensive incident response plan, in the event of a cybersecurity event, and map out how they will provide notice in a timely fashion to affected consumers. The law also requires licensees to exercise appropriate diligence and due care in selecting their third-party service providers to ensure that these entities are also in alignment with the new regulations.

The law empowers the Office of the Commissioner of Insurance to examine and investigate the affairs of a licensee to determine violations of the requirements. Therefore, it remains a best practice for all insurance companies, providers, and agencies to take these steps and remain committed to protecting the personal information of their consumers.

While the law provides certain exemptions, we suggest to our clients that they become compliant with all aspects of this law; because meeting regulatory expectations through an exemption is not the same as complying with all parts of a regulation. One could expect that upon notification of a cybersecurity event, the Office of the Commissioner of Insurance will investigate how that organization complied, or failed to comply, with all sections of Act 73 regardless of their exemption status.

Many sections of the new law reflect industry leading practices relating to cybersecurity, the implementation of which would increase an organization’s cybersecurity maturity and preparedness to detect a cybersecurity event, respond to that event, and recover normal business operations.

Our team is here to help. We can assist you with a compliance assessment to understand your gaps and provide guidance and expertise to remediate your issues. To learn more about how we can assist you, schedule your free no-obligation consultation today.


Wisconsin’s Insurance Data Security Act 73 and What it Means for Me and My Agency Seminar Video Summary

In this video, Michael Arnold, CEO of ITNS Consulting, delivers an insightful and information packed educational seminar about 2021 Wisconsin Act 73 to insurance agencies throughout Southern Wisconsin. This seminar introduces all of the key requirements of the new legislation and provides insight on how to become fully compliant by using the NIST Cyber Security Framework (NIST CSF) as a guide.

Download the Links and Resources Document referenced in the video below.



Don’t Take Unnecessary Risks With Your Business,

Schedule Your Consultation Today!

Download your Free copy of our Small Business IT Guide and learn more about How to Choose a Reliable IT Provider

Get Updates in Your Inbox!

Stay up to date with cybersecurity, compliance, and business technology.
Sign up to have Bits, Bytes & Insights delivered right to your Inbox.

Don’t Take Unnecessary Risks With Your Business,

Schedule Your Consultation Today!