Wisconsin Statutes & Annotations
Chapter 601 - Insurance — administration.
601.953 - Investigation of cybersecurity event.

601.953 Investigation of cybersecurity event.
(1) If a licensee learns that a cybersecurity event involving the licensee's information systems or nonpublic information has or may have occurred, the licensee, or an outside vendor or service provider designated to act on behalf of the licensee, shall conduct a prompt investigation that, at a minimum, includes all of the following:
(a) An assessment of the nature and scope of the cybersecurity event.
(b) The identification of any nonpublic information that was or may have been involved in the cybersecurity event.
(c) The performance of reasonable measures to restore the security of the licensee's information systems compromised in the cybersecurity event and prevent additional unauthorized acquisition, release, or use of nonpublic information.
(2) If a licensee knows that a cybersecurity event has or may have occurred in an information system maintained by a 3rd-party service provider, the licensee shall comply with sub. (1) or make reasonable efforts to confirm and document that the 3rd-party service provider has either complied with sub. (1) or failed to cooperate with the investigation under sub. (1).
(3) The licensee shall maintain records concerning a cybersecurity event for a period of at least 5 years starting from the date of the cybersecurity event and shall produce the records upon demand of the commissioner.
History: 2021 a. 73.

<< Previous
Next >>

Structure Wisconsin Statutes & Annotations

Wisconsin Statutes & Annotations

Chapter 601 - Insurance — administration.

601.01 - Purposes.

601.02 - Definitions.

601.04 - Certificate of authority; fee.

601.11 - Personnel.

601.12 - Legal services.

601.13 - Financial services; deposits.

601.14 - Supporting services.

601.15 - Oath.

601.16 - Official seal and signature.

601.18 - Delegation.

601.19 - Organization of the office.

601.20 - Advisory councils and committees.

601.31 - Fees.

601.32 - Supervision of industry, supplementary fee.

601.33 - Exemption from taxation.

601.41 - General duties and powers.

601.415 - Miscellaneous duties.

601.42 - Reports and replies.

601.423 - Social and financial impact reports.

601.43 - Examinations and alternatives.

601.44 - Conducting examinations.

601.45 - Examination costs.

601.46 - Commissioner's records and reports.

601.465 - Nondisclosure of information.

601.47 - Publications.

601.48 - Participation in organizations.

601.49 - Access to records.

601.51 - Provision of certified copies and notices.

601.53 - Insolvency notices.

601.55 - Nondomestic insurers; additional requirements.

601.56 - Study and rules on standards for health insurers.

601.57 - Study and rules on health insurance identification cards.

601.58 - Interstate insurance product regulation compact.

601.61 - Auxiliary procedural powers.

601.62 - Hearings.

601.63 - Notice and effective date of orders.

601.64 - Enforcement procedure.

601.65 - Marketing firm forfeitures.

601.71 - Enforcement of policyholder rights.

601.715 - Registered agent for service of process.

601.72 - Service of process through state officer.

601.73 - Procedure for service of process through state officer.

601.80 - Definitions; healthcare stability plan.

601.83 - Healthcare stability plan; administration.

601.85 - Accounting, reports, and audits.

601.93 - Payment of dues.

601.935 - Penalties.

601.95 - Definitions.

601.951 - General provisions.

601.952 - Information security program.

601.953 - Investigation of cybersecurity event.

601.954 - Notification of a cybersecurity event.

601.955 - Confidentiality.

601.956 - Enforcement.