Mandatory Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Vendor Specific Obligations
  • Vendor Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of Breach Notification Laws:
- Up to $150,000 per breach

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Vendor Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • Breach reporting to all consumer reporting agencies that compile and maintain files on a nationwide basis is required if more than 1,000 persons are affected by a breach of security, without unreasonable delay.
  • There is specifically defined information that must be included in the consumer notification.
  • There are industry specific laws governing protection of personal data for health, insurance and education.
  • If a vendor is breached, they must report it to the data owner.  The data owner will be responsible to complete the reporting and consumer notification.
  • If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
  • W. Va. Code §§ 46A-2A-101 – 46A-2A-105  Breach of Security of Consumer Information 
  • W. Va. Code §§ 33-6F-1 – 33-6F-2   Insurance / Disclosure of Non-Public Personal Information
  • W. Va. Code § 18-2-5h  Student Data Accessibility, Transparency and Accountability Act
  • W. Va. Code §§ 16-29G-1 and 16-29G-8  West Virginia Health Information Network/ Privacy; protection of information
BAck to map

Our site uses cookies to ensure you get the best experience on our website. If you continue without changing your browser settings, you are providing consent to our Cookie Policy.

Yes, I Accept Cookies