After gathering dust for a decade, Wisconsin’s data privacy and security laws may be getting an update soon. A key legislative council took the first step toward new laws by releasing a long-awaited report. 

Yesterday, Sept. 1, Wisconsin’s Department of Agriculture, Trade and Consumer Protection (DATCP) published a report nine months in the making. DATCP’s Data Privacy and Security Advisory Committee, made up of 25 public and private sector representatives ranging from law enforcement to financial services, released its comprehensive Data Privacy and Security Report. 

In June, WBA signed on to a letter sent with a coalition of 10 other business groups to committee to “weigh the preferences of consumers against the needs of businesses that process personal data.” 

During the release meeting, Lara Sutherlin, DATCP administrator of trade and consumer protection, praised the report for being a “tool” for lawmakers to use in identifying next steps for Wisconsin legislation. DATCP Secretary-Designee Randy Romanski also stated the strength of the report is that it is analytical, rather than directive. He called it “a meaningful change for Wisconsin’s data privacy and security landscape.” 

Many members of the committee said they gained valuable insight from hearing diverse perspectives from the wide range of backgrounds and viewpoints of their fellow committee members. Special thanks to WBA representative Marco Martinez, compliance officer at Associated Bank, currently serving on the committee. Martinez is helping the other members on the committee understand the banking industry’s concerns regarding data privacy and a bank’s role in protecting their customers’ data. 

In preparing the report, the committee examined and evaluated existing data security laws and proposals, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and model data security legislation for the insurance industry drafted by the National Association of Insurance Commissioners. After hearing from subject matter experts, committee members divided into three workgroups (Education, New Ideas, and Harmonization) before preparing sets of ideas for Wisconsin and collecting insights for lawmakers to consider. 

Each workgroup’s ideas for Wisconsin are below: 


This workgroup discussed ideas for education targeted toward all age levels and audience types using various media platforms. 

  1. Work with industry to develop and train on minimum standards for identifying, securing, and maintaining consumer data; and 
  2. Develop a Consumer Data Privacy and Security Hub to facilitate cross-agency connections to information. 

New Ideas: 

This workgroup explored new and innovative ideas that were mentioned by speakers and members during the full Advisory Committee meetings. 

  1. Create a Data Controller Registry in the state of Wisconsin that collects fees and requires the following of businesses: best practices for data security, data security insurance, and algorithm accountability practices. Any assessed registration fees would be required on a sliding scale depending on the size of the business. 
  2. Create a fund to assist victims of breaches using the fees collected from the Data Controller Registry. 
  3. Establish a Data Privacy and Security support group for small businesses and consumers to exchange information, supported from fees collected from the Data Controller Registry. 
  4. Create a barrier to transferring data without the consent of a person to transfer data. 


This workgroup was charged with discussing the need for harmonization of consumer data privacy, security, and breach regulation in Wisconsin with other regulatory frameworks. 

  1. Recommendation that any legislative package in Wisconsin should: 
    • Be a comprehensive package including data privacy, security, and breach, 
    • Include harmonization of definitions, 
    • Have considerations for small business, 
    • Avoid conflicting with other regulations. 
  2. The group discussed “at length” how any Wisconsin laws must recognize existing federal regulations including the Gramm-Leach-Bliley Act (GLBA) and Health Insurance Portability and Accountability Act (HIPAA). 

Read the report here.

For specific security training related to the banking industry, register for the WBA Secur-I.T. Conference, coming up virtually on Sept. 22-23. Register today!