Ask Reggi Your Question Now
Can you summarize WVCO Chapter 46A, Article 2A?
WEST VIRGINIA CONSUMER CREDIT AND PROTECTION ACT. > BREACH OF SECURITY OF CONSUMER INFORMATION.
Short Summary
The provided legal document content pertains to the breach of the security of consumer information under the West Virginia Consumer Credit and Protection Act. It defines the term ‘breach of the security of a system’ as the unauthorized access and acquisition of unencrypted and unredacted computerized data compromising the security or confidentiality of personal information. The breach must cause the individual or entity to reasonably believe it will result in identity theft or other fraud to any resident of West Virginia. The document specifies that the breach does not include the good faith acquisition of personal information by an employee or agent for lawful purposes, as long as it is not used for unauthorized disclosure. The document provides definitions for various terms and explains the forms of notice that can be provided in case of a breach. It also defines the term ‘redact’ as the alteration or truncation of data to limit access to sensitive information. The document requires individuals or entities to give notice of any breach of security to residents of West Virginia whose personal information was accessed by an unauthorized person. The notice must be made without unreasonable delay and include a description of the categories of information accessed, contact information for the entity, and information on how to place a fraud alert or security freeze. If more than one thousand persons need to be notified, consumer reporting agencies must also be notified. Law enforcement agencies may delay notice if it would impede an investigation or jeopardize national or homeland security. The document specifies that entities subject to Title V of the Gramm Leach Bliley Act are exempt from this section. Failure to comply with the notice provisions constitutes an unfair or deceptive act of practice and may be enforced by the Attorney General. The Attorney General has exclusive authority to bring action, and civil penalties may be assessed for repeated and willful violations, not exceeding $150,000 per breach or series of breaches discovered in a single investigation. Violations by licensed financial institutions are enforceable exclusively by the financial institution’s primary functional regulator.
Whom does it apply to?
Individuals or entities that own or license computerized data containing personal information
What does it govern?
Breach of the security of consumer information
What are exemptions?
Entities subject to Title V of the Gramm Leach Bliley Act are exempt from this section.
What are the Penalties?
Failure to comply with the notice provisions of this article constitutes an unfair or deceptive act of practice in violation of section one hundred four, article six, chapter forty-six-a of this code, which may be enforced by the Attorney General pursuant to the enforcement provisions of this chapter. The Attorney General shall have exclusive authority to bring action. No civil penalty may be assessed in an action unless the court finds that the defendant has engaged in a course of repeated and willful violations of this article. No civil penalty shall exceed $150,000 per breach of security of the system or series of breaches of a similar nature that are discovered in a single investigation. A violation of this article by a licensed financial institution shall be enforceable exclusively by the financial institution's primary functional regulator.
Jurisdiction
West Virginia