What to expect from DATCP Data Privacy and Security Advisory Committee Recommendations 

The DATCP Data Privacy and Security Advisory Committee was created in Summer 2019 as an effort to facilitate communication across stakeholders and to develop legislation that will address data security and data breach challenges facing consumers and businesses in Wisconsin. The Committee includes state government representatives, business interests, data stakeholders, and advocacy groups. The Committee hopes to achieve this through recommendations based on current Wisconsin law, law and proposed legislation in other states, and industry trends. 

The Department plans for the Committee to conclude its work and issue its final report to the Secretary in Summer 2020. 

The Department has created the following objectives for the Committee: 

  • To identify and research possible changes to Wisconsin state law 
  • To determine the efficacy of consumer data privacy initiatives 
  • To consider how best to protect and secure information received by public and private entities in Wisconsin 
  • To determine the business community’s readiness to adopt potential regulatory enhancements 

Special thanks to WBA Representative Marco Martinez, compliance officer at Associated Bank, currently serving on the committee. Martinez is helping the other members on the committee understand the banking industry’s concerns regarding data privacy and a bank’s role in protecting their customers’ data. 

The next meeting will be on June 16. 

State Lawmakers Telegraph Potential Recommendations of Committee 

Lawmakers in Wisconsin have proposed three bills that, if enacted, would create privacy rights for Wisconsin residents and compliance burdens for entities that process or control consumer data. All three bills were introduced on Feb. 10, 2020 and an initial public hearing was held on Feb. 12, 2020. 

The bills, likely to be brought up next session were championed by state Rep. Shannon Zimmerman. Rep. Zimmerman has a strong business background, but took a hard populist stance on data privacy. Zimmerman led the company, Sajan, Inc. to be recognized multiple times by INC Magazine for growth and according to the Milwaukee Business Journal, has been one of the top five public growth companies over recent years. 

Rep. Zimmerman introduced three bills related to data privacy. The bills—Assembly Bill 870, Assembly Bill 871, and Assembly Bill 872—are designed to “fundamentally reset consumer relationships with companies” and are “based off of the European General Data Protection Regulation (GDPR), which is considered the gold standard among privacy advocates.” See legislation memorandum dated Jan. 29, 2019 by the bills’ author, Representative Shannon Zimmerman, as well as the Feb. 12, 2020 hearing materials

The Wisconsin Data Privacy Act, if enacted, would create CCPA and GDPR-like rights for Wisconsin residents. The law would also impose significant new obligations on businesses. While it does not provide for a private right of action, the law would be enforceable by the attorney general and violations could result in penalties of up to $20,000,000 or up to four percent (4%) of the entity’s total annual revenue, whichever is greater.