Close
logo

West Virginia Privacy Laws

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Up to $150,000 per breach

REGULATION LEVELS

Breach Reporting Consumer Notifications
Vendor Management Vendor Contract Required
LEVEL DESCRIPTION
Minimal Basic Comprehensive Extensive
LAWS RELATED TO PERSONAL INFORMATION
Regulated Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Vendor Requirements

Vendor Specific Obligations

Vendor Mandated Contracts

Privacy Program Requirements

Protection/Security

Employee Training

Vendor Protection/Security Program

Personal Information Protection

Data Disposal of Personal Information

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Up to $150,000 per breach

REGULATION LEVELS

Breach
Reporting		 Consumer
Notifications
Vendor
Management		 Vendor
Contract Required
LEVEL DESCRIPTION
Minimal Basic Comprehensive Extensive
LAWS RELATED TO PERSONAL INFORMATION
Regulated Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Vendor Requirements

Vendor Specific Obligations

Vendor Mandated Contracts

Privacy Program Requirements

Protection/Security

Employee Training

Vendor Protection/Security Program

Personal Information Protection

Data Disposal of Personal Information

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Up to $150,000 per breach

REGULATION LEVELS

Breach
Reporting		 Consumer
Notifications
Vendor
Management		 Vendor
Contract Required
LEVEL DESCRIPTION
Minimal Basic Comprehensive Extensive
LAWS RELATED TO PERSONAL INFORMATION
Regulated Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Vendor Requirements

Vendor Specific Obligations

Vendor Mandated Contracts

Privacy Program Requirements

Protection/Security

Employee Training

Vendor Protection/Security Program

Personal Information Protection

Data Disposal of Personal Information

Quick Facts

West Virginia Privacy Law Information

  • Breach Reporting

    Breach reporting to all consumer reporting agencies that compile and maintain files on a nationwide basis is required if more than 1,000 persons are affected by a breach of security, without unreasonable delay. The Organization will be responsible to complete any required regulatory reporting and consumer notification.

  • Consumer Notification

    There is specifically defined information that must be included in the consumer notification. If any state residents are affected by a breach of security, the breached Organization must give notice without delay to each individual affected by the breach.

  • Vendor/Third Parties

    Vendors must notify Organizations as soon as possible after the discovery of a breach or suspected breach.

  • Industry Specific Laws

    There are industry-specific laws governing the protection of personal data for health, insurance, and education.

  • Fines & Penalties

    The Attorney General may bring an action to enforce repeated and willful violations of the breach requirements, with civil penalties assessed up to $150,000. Violations of the breach notification requirements constitute an unfair or deceptive act or practice.

West Virginia

Statutes and Laws

W. VA. CODE § 18-2-5H

Student data accessibility, transparency and accountability act

W. VA. CODE §§ 16-29G-1 – 16-29G-8

West Virginia health information network/privacy; protection of information

W. VA. CODE §§ 33-6F-1 – 33-6F-2

Insurance/disclosure of non-public personal information

W. VA. CODE §§ 46A-2A-101 – 46A-2A-105

Breach of security of consumer information