Can I skip having an information security program in place in Wisconsin? What are the requirements?

Based on the information provided in document ^[1.1], a licensee in Wisconsin cannot skip having an information security program in place. The document states that “No later than November 1, 2022, a licensee shall develop, implement, and maintain a comprehensive written information security program based on the licensee’s risk assessment under sub. (2) and consistent with the conditions of sub. (3) (a).” The program must contain administrative, technical, and physical safeguards for the protection of the licensee’s information systems and nonpublic information. The licensee must also conduct a risk assessment and design the program to protect against threats and hazards to the security and integrity of the information systems and nonpublic information, protect against unauthorized access to and use of nonpublic information, and establish and periodically reevaluate a schedule for retention and disposal of nonpublic information.

Therefore, it is mandatory for a licensee in Wisconsin to have an information security program in place.

There are no exceptions or additional requirements for skipping the information security program in Wisconsin ^[2.1].

Source(s):

• [1.1] Information security program.
• [2.1] Exceptions and additional requirements for type 2 programs.

Jurisdiction

Wisconsin

• Privacy