Can I ensure that my company is compliant with expanding privacy protections in Wisconsin? What are the requirements?
Requirements for Complying with Privacy Protections in Wisconsin
To ensure compliance with expanding privacy protections in Wisconsin, companies must adhere to the requirements outlined in the Wisconsin Administrative Code, specifically WIAC Ins 25.10, WIAC Ins 25.13, WIAC Ins 25.15, WIAC Ins 25.20, and WIAC Ins 25.25.
Annual Privacy Notice Requirement
Under WIAC Ins 25.13, companies must provide customers with a clear and conspicuous notice that accurately reflects their privacy policies and practices with regard to nonpublic personal financial information, not less than annually during the continuation of the customer relationship. The notice must be provided at least once in any period of twelve consecutive months during which that relationship exists. Companies may define the twelve consecutive-month period, but they shall apply it to the customer on a consistent basis.
Revised Privacy Notice Requirement
Under WIAC Ins 25.20, companies shall not, directly or through an affiliate, disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party other than as described in the initial notice that the licensee provided to that consumer under WIAC Ins 25.10, unless all of the following have occurred:
- The licensee has provided to the consumer a clear and conspicuous revised notice that accurately describes its policies and practices.
- The licensee has provided to the consumer a new opt-out notice.
- The licensee has given the consumer a reasonable opportunity, before the licensee discloses the information to the nonaffiliated third party, to opt out of the disclosure.
- The consumer does not opt out.
Information to be Included in Privacy Notices
Under WIAC Ins 25.15, the initial, annual, and revised privacy notices that a licensee provides shall include all of the following items of information, in addition to any other information the licensee wishes to provide, that applies to the licensee and to the consumers to whom the licensee sends its privacy notice:
- The categories of nonpublic personal financial information that the licensee collects.
- The categories of nonpublic personal financial information that the licensee discloses.
- The categories of affiliates and nonaffiliated third parties to which the licensee discloses nonpublic personal financial information, other than those parties to whom the licensee discloses information under WIAC Ins 25.55 and WIAC Ins 25.60.
- The categories of nonpublic personal financial information about the licensee’s former customers that the licensee discloses and the categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal financial information about the licensee’s former customers, other than those parties to whom the licensee discloses information under WIAC Ins 25.55 and WIAC Ins 25.60.
- If a licensee discloses nonpublic personal financial information to a nonaffiliated third party under WIAC Ins 25.50 (and no other exception in WIAC Ins 25.55 and WIAC Ins 25.60 applies to that disclosure), a separate description of the categories of information the licensee discloses and the categories of third parties with whom the licensee has contracted.
- An explanation of the consumer’s right under WIAC Ins 25.30 (1) to opt out of the disclosure of nonpublic personal financial information to nonaffiliated third parties, including the methods by which the consumer may exercise that right at that time.
- Any disclosures that the licensee makes under Section 603(d)(2)(A)(iii) of the federal Fair Credit Reporting Act (15 USC 1681a(d)(2)(A)(iii)) (that is, notices regarding the ability to opt out of disclosures of information among affiliates).
- The licensee’s policies and practices with respect to protecting the confidentiality and security of nonpublic personal financial information.
- Any disclosure that the licensee makes under sub. (2).
Delivery of Privacy Notices
When a licensee is required to deliver an annual or revised privacy notice, the licensee shall deliver it according to WIAC Ins 25.25.
To ensure compliance with expanding privacy protections in Wisconsin, companies must provide annual and revised privacy notices that accurately reflect their privacy policies and practices, and include the required information outlined in WIAC Ins 25.15. Companies must also adhere to the delivery requirements outlined in WIAC Ins 25.25.
In addition, companies may want to consider the certification requirements outlined in the Wisconsin Administrative Code. If your company is already certified by another public-sector agency, the Wisconsin Department of Administration may waive some or all of the certification application requirements and procedures under s. Adm 83.50 [2.1]. If your company is a non-Wisconsin business, it may be certified by the Wisconsin Department of Administration only if the business meets the eligibility standards in s. Adm 83.20, and the business is certified by any applicable state agency in the business’s own state [2.2].
I hope this helps!
Source(s):
- [2.1] Certification of a Wisconsin business by another public agency.
- [2.2] Certification criteria for a non-Wisconsin business.
Jurisdiction
Wisconsin