|West Virginia Consumer Credit and Protection Act|
|CITATION||W.V. Code §§ 46A-2A-101 et seq.|
|SUMMARY||The law requires an entity to provide notice to any resident of West Virginia whose un-redacted and unencrypted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person, and that causes or which could reasonably be considered to cause identity theft or fraud to any West Virginia resident.|
The law covers ‘Personal Information’ which is defined to mean first name or first initial and last name linked to any one or more of the following data elements that relate to a resident of this state, when the data elements are neither encrypted nor redacted:
|INDUSTRY||An individual or entity that owns or licenses computerized data that includes PI or maintains such data.|
Failure to comply with the law is considered to be an unfair or deceptive act of practice in violation of the law. The Attorney General has the exclusive authority to pursue an action for such a violation. No civil penalty may be assessed unless the court finds that the defendant has engaged in a course of repeated and willful violations of the law. No civil penalty may exceed one hundred fifty thousand dollars ($150,000) per breach discovered in a single investigation.
A violation by a financial institution is enforceable only by the financial institution’s primary functional regulator.