Class Action U Logo
Check Your Eligibility

Wisconsin Privacy Policy

Wisconsin’s data privacy laws are not as comprehensive as those of other states, but there are still basic protections in place for personal privacy and identity theft. Additionally, Wisconsin mandates that when data breaches occur, affected individuals must receive notice within 45 days of the breach.

Check Your Eligibility
the image visually represents legal concepts related to privacy rights, regulations, and enforcement
  • January 30, 2026
  • Key Takeaways
  • In Wisconsin, there is no comprehensive data protection law like those of California, Illinois, Oregon, and several other states. However, certain Wisconsin state statutes and federal regulations combine to give consumers basic protections.
  • Wisconsin data breach notification laws require businesses and government entities that experience data breaches to notify consumers within 45 days, unless the breach poses no real threat of fraud or identity theft.
  • Protected personal information in Wisconsin includes names, government-issued identification numbers, financial account information, biometric data, and other sensitive details.
  • Victims of data breaches in Wisconsin have the right to seek compensation, sometimes via a class-action lawsuit.

Overview of Data Privacy in Wisconsin

Data privacy in Wisconsin is governed by the Department of Agriculture, Trade, and Consumer Protection. Though the state does not have a comprehensive, far-reaching data protection law, it does have several smaller laws that govern data breach notifications, phone records, and identity theft protections.

Under Wisconsin law, no one can obtain or sell a customer’s telephone records without their consent. The state also has industry-specific data privacy laws – no financial institution, investment company, medical business, or tax preparation business can dispose of records containing consumers’ personal information without fully destroying the information.

Wisconsin Data Breach Notification Law (Wis. Stat. § 134.98)

Wisconsin has specific legal requirements for notifying individuals when their personal data is compromised or breached. Under Wis. Stat. § 134.98, when entities doing business in Wisconsin that collect personal information become aware that an unauthorized individual has accessed that information, the company must notify all individuals whose data was acquired.

This applies to any entity doing business in Wisconsin, including state and local government organizations. However, there are exceptions for sole proprietorships, federally regulated financial institutions, and health care providers.

Under Wisconsin law, personal information includes names, Social Security numbers, driver’s license numbers, state ID numbers, financial account information, DNA profiles, fingerprints, voice prints, retina or iris images, and any other unique physical representation. These elements are considered breached only if accessed while unencrypted and unredacted.

Who Must Comply

Any entity whose principal place of business is in Wisconsin or entities that maintain or license personal information in Wisconsin must abide by the state’s data breach notification laws. When an entity discovers that unencrypted personal information in its possession has been accessed or acquired by an unauthorized person, the entity must make reasonable efforts to notify everyone whose data was compromised. However, notice is not required if the breach did not create a material risk of identity theft or fraud.

Timing and Content of Notification

In most data breach cases in Wisconsin, notice must be given to affected individuals within 45 days of the breached entity’s discovery of the breach. If the data breach affected at least 1,000 people, the breached entity must also notify all consumer reporting agencies that compile and maintain consumer files nationwide of the timing, distribution, and content of the notices sent to the affected individuals.

Although Wisconsin law does not specify the details that must be included in data breach notifications, the notice should generally include information about the breach, the types of data affected, and the business’s contact information. Notices often include steps consumers can take to protect themselves.

Experienced a BREACH?
Get Help Now
CAU logo

Wisconsin Consumer Data Protection Law

While Wisconsin currently lacks a comprehensive consumer privacy law like California’s Consumer Privacy Act, several bills have been introduced in recent years aimed at regulating consumer privacy in the future. The Wisconsin Data Privacy Act was a 2023 Assembly Bill in Wisconsin (AB 466) aiming to give Wisconsin residents data rights and impose duties on businesses for handling personal data, but it did not pass the state senate.

What Types of Personal Information Are Covered by Wisconsin Law?

Under Wis. Stat. § 943.201, personal information that can be stolen via identity theft includes names, addresses, phone numbers, driver’s license numbers, Social Security numbers, employment information, tax information, biometric information, and banking information. Wisconsin law dictates that it is illegal to use someone’s personal information without their consent to obtain credit, money, goods, services, or employment; avoid civil or criminal process or penalty; or harm the reputation, property, person, or estate of that individual.

Business Obligations Under Wisconsin Law

Although Wisconsin lacks comprehensive laws governing businesses’ data collection and processing, it’s still essential for corporations to implement reasonable security practices to prevent breaches. Secure storage practices, such as data encryption, secure access controls, and regular audits, can help prevent data breaches and detect them if they do occur. Additionally, businesses must establish processes to respond to data breaches, notify affected individuals, and inform relevant regulatory authorities as necessary.

What Wisconsin Consumers Should Do After a Data Breach

After a data breach, Wisconsin residents whose personal information was compromised can take several steps to protect their personal information, financial security, and identity.

  • Verify What Data Was Compromised: Review the breach notice to determine what personal information was accessed.
  • Credit Monitoring, Freezes & Identity Protections: Use credit monitoring services, place free credit freezes or fraud alerts, and regularly review financial statements.
  • File a Legal Claim: While Wisconsin’s breach notification law does not provide a private right of action, victims may still pursue claims under other legal theories or by joining data breach class actions.

Class Action U Can Help

In the event of a data breach, Wisconsin consumers have the right to seek restitution for their losses, often by filing or joining a class-action lawsuit. At Class Action U, we simplify the process for individuals joining ongoing data breach lawsuits, connecting them with our legal partners who are ready to handle their cases.

If you’ve been affected by a breach that could potentially lead to a class action lawsuit but hasn’t yet, we encourage you to share your information with us. We’ll evaluate the situation to see if it warrants a class action filing. For those eligible to participate in an existing class action, our site offers a straightforward way to sign up. Contact Class Action U today to be connected with a data breach lawyer experienced in class action lawsuits, and to learn more about your legal options if you were part of a data breach.

Start Your Data Breach Claim
Were you recently affected by a data breach? 
Contact Us Today
Related Pages
Latest Data Breach News