This Wisconsin Department of Agriculture, Trade and Consumer Protection (DATCP) advisory committee on Data Privacy held its first meeting last week to help facilitate gathering public input for recommendations on future legislation and rules.
The Advisory Committee will include state government representatives, business interests, data stakeholders, and advocacy groups. The Department plans to facilitate communication across stakeholders and to develop legislation that will address data security and data breach challenges facing consumers and businesses in Wisconsin.  
Special thanks to Marco Martinez of Associated Bank, who is representing WBA and the banking industry on the Committee. Thanks, in advance, for your efforts! 
Advisory Committee Objectives: 

  • To identify and research possible changes to Wisconsin state law 
  • To determine the efficacy of consumer data privacy initiatives 
  • To consider how best to protect and secure information received by public and private entities in Wisconsin 
  • To determine the business community’s readiness to adopt potential regulatory enhancements. 

The nearly 30 members of the committee include representative from a variety of consumer groups and a small number of business groups; including WBA, WI Manufacturers & Commerce, WI Hospital Association, AARP, League of WI Municipalities, Consumer Law Clinic, Better Business Bureau, Sentry Insurance, and others. 
The committee took time to list individual goals for the Advisory Committee that looked a bit scary from a banking/business perspective. The 20 self-defined goals ranged from establishing a fund for consumer restitution in the event of a loss as a result of a breach to harmonization of privacy laws in Wisconsin to educating consumers.  
The Advisory Committee will be making a series of recommendations that will be considered by DATCP late spring 2020. 
2019 Report from Webroot Ranks States by Risk* 

Mississippi, Louisiana, California, Alaska, and Connecticut are the riskiest states in the U.S.A. based on consumer preparedness for cyberattacks, according to a new report from Webroot. The report examines the cyber hygiene habits of 10,000 Americans, 200 in each state, to determine what behaviors and practices they have in place to protect their information or identity from cybercriminals. While the five previously mentioned states scored the lowest on the cyber hygiene test, the average respondent’s grade wasn’t good either: 60% (or a “D”). 

Despite the low scores on general cybersecurity knowledge and best practices, consumers reported a high (and false) sense of confidence about their cybersecurity behaviors. The majority (88%) of survey participants believe they are taking the appropriate steps to protect themselves from cybercriminals; however, the high fail rate suggests a major opportunity for improvement.   

The 5 Riskiest States: 

  1. Mississippi 
  2. Louisiana 
  3. California 
  4. Alaska 
  5. Connecticut 

The 5 Least Risky (Safest) States: 

  1. Kentucky 
  2. Idaho 
  3. Ohio 
  4. North Dakota 
  5. New Hampshire 

Notable Findings: 

Americans in every state are overconfident 

  • 88% feel they take the right steps to protect themselves from cyberattacks. 
  • Only 10% are A students in cyber hygiene, scoring 90% or higher. 
  • The highest scoring state, New Hampshire, only scored a 65%. 

Americans have a surface level understanding of common cyber threats 

  • 79% of Americans have heard of malware, but only 28% could explain what it is. 
  • 70% of Americans have heard of phishing, but only 33% could explain what it is. 
  • 49% of Americans have heard of ransomware, but only 21% could explain what it is. 

Less than half of Americans adopt cyber hygiene best practices 

  • 64% of participants don’t keep their social media accounts private. 
  • 63% of participants reuse passwords across multiple accounts. 
  • 62% of participants rely on a free antivirus software. 

A small group (5%) of cyber hygiene “superstars” go above and beyond in every state 

  • These superstars take additional steps to protect themselves, including: 
    • Backing up data using multiple methods (online and offline) 
    • Investing in a reliable, modern-antivirus solution, and keeping it up to date 
    • Using a secure password manager