Request a Consultation
Offering Phone, Video, and In-Person Consultations 608-784-8310

What Information Do I Need to Disclose About a Data Breach?

Cybercrimes are more common than ever, and hackers are using more sophisticated methods of intrusion to steal company and customer data. If your business has been victimized by cybercrime, you will want to know what to do and what information you need to disclose about a data breach.

What is a Data Security Breach

A data security breach is the unauthorized acquisition of personal information. Specifically, the U.S. government defines a breach as the loss of control or the compromise of personally identifiable information or when an authorized person utilizes information for purposes other than for which it was authorized. Data security breaches are becoming more common. In 2023, there were more than 234 million victims of data breaches in the United States. There are more than 2,200 security attacks every day. Companies need to take steps to protect their information.

Data Security Breach Notification Laws

Wisconsin Statute 134.98 provides details for the notice of unauthorized acquisition of personal information. The law applies to businesses operating in Wisconsin and who maintain information about people who live in Wisconsin. The law also applies to governmental agencies, cities, towns, and counties. Personal information includes a person’s last name and first name or initial when linked to another piece of data. Some of these types of data are social security numbers, driver’s license numbers, credit or debit card numbers, security codes or passwords, DNA profiles, or any biometric information. Biometric information is data such as a fingerprint, voice print, retina scan, or any other unique physical representation.

Notice of Unauthorized Acquisition of Personal Information

If your company’s data was hacked and personal information breached, you are required to disclose it pursuant to the law. The law states that the company must provide notice of fact to the people whose information was obtained. Notice must be given by mail or by the method with which the company has previously communicated with the person. If the person makes a request, you must disclose the exact personal information that was obtained in the breach. If you do not have an address or other method of communicating with the person, you must take steps to provide notice. You can do this through a newspaper, radio, or television advertisement.

You must disclose the breach to individuals within 45 days of learning about it. In cases where data from more than 1,000 individuals was obtained at the same time, you must also give notice to credit reporting companies that compile and maintain consumer files. In some situations, a law enforcement agency may request that you do not provide this notice until they complete their investigation. It is important to note that no notice is required unless the data that was obtained causes a material risk of fraud or identity theft.

It is critical to take steps to protect the data that your company maintains. Even if you are vigilant, hackers may still find a way to breach your data. If your data is breached, you need to address it quickly with the help of a knowledgeable attorney. Contact us today at (608) 784-8310 or online to schedule a consultation.

Published March 25, 2024
Contact MSM Online Bill Pay