2017 - 2018 LEGISLATURE
SENATE AMENDMENT 17,
TO ASSEMBLY BILL 64
September 15, 2017 - Offered by Senators Vinehout, Bewley, Ringhand,
Carpenter, L. Taylor, Risser, Hansen and Larson.
At the locations indicated, amend the bill
, as shown by assembly substitute 2
amendment 1, as follows:
20.155 (3) (a) of the statutes is created to read:
(a) Broadband expansion grants; general purpose revenue funding. 7
As a continuing appropriation, the amounts in the schedule for broadband expansion 8
grants under s. 196.504.”.
100.70 of the statutes is created to read:
1100.70 Privacy and security of information obtained by an Internet
2service provider. (1) Definitions.
In this section:
(a) “Breach of security” means any instance in which a person, without 4
authorization or exceeding authorization, has gained access to, used, or disclosed 5
customer proprietary information.
(b) 1. “Broadband Internet access service” means a mass-market retail service 7
by wire or radio that provides the capability to transmit data and receive data from 8
all or substantially all Internet endpoints, including any capabilities that are 9
incidental to and enable the operation of the service, but excluding dial-up Internet 10
2. “Broadband Internet access service” includes any service that the 12
department finds is a functional equivalent of the service specified in subd. 1. or is 13
used to evade the requirements under this section.
(c) “Customer” means any of the following:
1. A current or former subscriber to broadband Internet access service who 16
resides in this state.
2. A person who resides in this state and uses or has used broadband Internet 18
access service that is provided under an agreement between a current or former 19
subscriber who resides in this state and a broadband Internet access service 20
(d) “Customer proprietary information” means any of the following 22
1. Individually identifiable information that relates to the quantity, technical 24
configuration, type, destination, location, or amount of use of a broadband Internet
access service subscribed to by a customer of a provider of that service, and that is 2
made available to the provider by the customer.
2. Any information that is linked or reasonably able to be linked to an 4
individual or a device.
3. Content of a customer's communications.
(e) “Material change” means any change that a customer, acting reasonably 7
under the circumstances, would consider important to his or her decisions 8
concerning his or her privacy, including any change to information required to be 9
presented in the notice required under sub. (2) (b).
(f) “Non-sensitive customer proprietary information” means customer 11
proprietary information that is not sensitive customer proprietary information.
(g) “Opt-in approval” means the method for obtaining customer consent in 13
which a provider obtains from the customer affirmative, express consent after the 14
customer is provided appropriate notification of the provider's request for consent.
(h) “Opt-out approval” means the method for obtaining customer consent in 16
which a customer is deemed to have consented if the customer has failed to object to 17
a provider's request after the customer is provided with appropriate notification of 18
the provider's request for consent.
(i) “Prospective customer” means an applicant for broadband Internet access 20
service who resides in this state.
(j) “Sensitive customer proprietary information” means customer proprietary 22
information that is any of the following:
1. Financial information.
2. Health information.
3. Information pertaining to a child.
4. A social security number.
5. Precise geo-location information.
6. Content of communications.
7. Web browsing history, smart phone or tablet computer application usage 5
history, and the functional equivalents of either.
(k) “Subscriber” means a person who enters into an agreement for the provision 7
of broadband Internet access services with a provider of broadband Internet access 8
services. “Subscriber” does not include a person who resells services.
9(2) Notice requirements
When notice required
. 1. A broadband Internet 10
access service provider shall make a notice available at all times to customers about 11
its policies concerning the privacy of the information that the provider obtains about 12
2. A broadband Internet access service provider shall notify a prospective 14
customer, at the point of sale, prior to a purchase of service, about its policies 15
concerning the privacy of information that the provider obtains about customers.
. A broadband Internet access service provider shall include all of 17
the following in the notice provided to customers under par. (a):
1. A specific description of the types of customer proprietary information that 19
the broadband Internet access service provider collects from providing broadband 20
Internet access service and how it uses that information.
2. A specific description of the circumstances under which the broadband 22
Internet access service provider discloses or permits access to each type of customer 23
proprietary information that it collects.
3. A specific description of the categories of entities to which the broadband 25
Internet access service provider discloses or permits to access customer proprietary
information and the purposes for which that information will be used by each 2
category of entities.
4. A specific description of the customer's rights to grant, deny, or withdraw 4
approval concerning the customer's proprietary information, including each of the 5
a. A statement that the customer's denial or withdrawal of approval to use, 7
disclose, or permit access to customer proprietary information will not affect the 8
provision of any broadband Internet access services to the customer.
b. A statement that any grant, denial, or withdrawal of approval for the use, 10
disclosure, or permission of access to customer proprietary information is valid until 11
the customer affirmatively revokes the grant, denial, or withdrawal.
c. A statement that the customer has the right to deny or withdraw approval 13
to use, disclose, or permit access to customer proprietary information at any time.
5. Access to a mechanism required under sub. (3) (d) 3.
A broadband Internet access service 16
provider shall provide a notice, through electronic mail or another means of prompt 17
communication agreed upon by the customer, to a customer of a material change to 18
its policies concerning the privacy of information that the provider obtains about the 19
customer. The notice shall include all of the following:
1. A specific description of the changes made to the provider's privacy policies, 21
including any changes to what customer proprietary information the provider 22
collects; how the provider uses, discloses, or permits access to that information; the 23
categories of entities to which it discloses or permits access to customer proprietary 24
information; and which, if any, changes are retroactive.
2. The description required under par. (b) 4.