Sign In
  • InsideTrack
  • December 19, 2018

    Wisconsin's Data Breach Notification Law: What Is Required of My Law Firm?

    Here are a few quick tips about complying with Wisconsin's data breach notification law. Hint: it's all about personal information.

    Michael A. Harty

    skull and crossed bones in data

    Dec. 19, 2018 – The real threat of cyberattacks and cyber scams is a growing problem – and not just to big corporations like Marriott Hotels Group, which recently announced the second biggest breach in history. What do you need to do to protect your practice and your firm?

    Personal Information and the Data Breach Notification Law

    First, to comply with Wisconsin’s Data Breach Notification Law, Wis. Stat. section 134.98, get to know the law and your responsibilities, in particular, regarding your clients’ personal information. Personal information can be in the form of both electronic and non-electronic data (i.e., paper).

    The security breach notification law – or data breach notification law – requires an entity that has experienced a data breach to notify their customers and other parties about the breach, and to take steps to remediate injuries caused by the breach.

    These laws typically have provisions pertaining to:

    • who must comply with the data breach law;

    • definitions of personal information;

    • what constitutes a breach (unauthorized acquisition of data);

    • requirements for notice (timing or method of notice, who must be notified, etc.); and

    • exemptions (such as for encrypted information).

    Required Actions Following a Data Breach

    The data breach law requires a business to notify individuals when their personal information, maintained by the business, is obtained by an unauthorized person.

    Michael HartyMichael Harty is director of program business at M3 Insurance, Madison, a cyber insurance member benefit business partner of the State Bar of Wisconsin.

    The notice must be given within a reasonable time period – not to exceed 45 days – after the entity learns of the unauthorized acquisition of the personal information.

    While failure to comply with this section of the Wisconsin statute is not negligence or a breach of any duty, it could be deemed as a negligent act or breach of legal duty on the part of the lawyer and the firm, which could give rise to an errors and omissions claim.

    Finally, if your Wisconsin law firm has clients in other states, it is important to understand the breach notification laws for that particular state.

    Cyber Insurance: Another First Step

    A new benefit for State Bar of Wisconsin members can help you fight cyber threats. Coverage is tailored to your firm size and resources. Find out more on the cyber insurance member benefits page on

    Where to Learn More

    Here are more resources to help you demystify cyberattacks and cyber insurance as well as protect your data:

    Live CLE Seminar Helps You Prepare for a Data Breach

    Learn how to take steps to better protect your firm at the CLE seminar Preparing for a Data Breach from State Bar of Wisconsin PINNACLE®.

    This 1.0 CLE seminar will help you:

    • understand the basics of common security attacks;

    • learn how to protect your email system;

    • discover how to stop data breaches before they start;

    • find out what a basic incident response plan should look like; and

    • know what should be included in an organization’s data privacy and security policy.

    Plus, learn the regulatory reporting requirements after a data breach. It’s everything you need to get your firm’s cybersecurity on track.

    Attend the seminar live on Jan. 22, or via webcast replays in January and February. For more information, visit’s Marketplace.

    OnDemand CLE Seminars on Cybersecurity

    These OnDemand CLE seminars from State Bar of Wisconsin PINNACLE can help you when you have the time.

    • Create a Cybersecurity Plan for 2018
      This OnDemand seminar teaches you to explore common cyber risks and learn how to avoid them; discover best practices for passwords, data backups, and more; and understand the nine cyber scenarios you should be insured for, plus the insurance your IT provider should have. Plus, you’ll walk away with a workable plan to prevent and recover from cybersecurity threats.

    • Developing a Written Information Security Policy for You and Your Clients – 2018
      This OnDemand seminar will help you understand the importance of a written information security policy, teach you how to draft an information security policy and incident response plan, and help you employ the best practices for policy implementation and explore the necessary standards and levels to include in these policies.


Join the conversation! Log in to comment.

News & Pubs Search

Format: MM/DD/YYYY