Current through Acts 2023-2024, ch. 272
Section 601.953 - Investigation of cybersecurity event

(1) If a licensee learns that a cybersecurity event involving the licensee's information systems or nonpublic information has or may have occurred, the licensee, or an outside vendor or service provider designated to act on behalf of the licensee, shall conduct a prompt investigation that, at a minimum, includes all of the following:
    (a) An assessment of the nature and scope of the cybersecurity event.
    (b) The identification of any nonpublic information that was or may have been involved in the cybersecurity event.
    (c) The performance of reasonable measures to restore the security of the licensee's information systems compromised in the cybersecurity event and prevent additional unauthorized acquisition, release, or use of nonpublic information.

(2) If a licensee knows that a cybersecurity event has or may have occurred in an information system maintained by a 3rd-party service provider, the licensee shall comply with sub. (1) or make reasonable efforts to confirm and document that the 3rd-party service provider has either complied with sub. (1) or failed to cooperate with the investigation under sub. (1).

(3) The licensee shall maintain records concerning a cybersecurity event for a period of at least 5 years starting from the date of the cybersecurity event and shall produce the records upon demand of the commissioner.

Added by Acts 2021 ch. 73, s. 6, eff. 11/1/2021.