(a) An entity that maintains its own notification procedures as part of an information privacy or security policy for the treatment of personal information and that are consistent with the timing requirements of this article shall be deemed to be in compliance with the notification requirements of this article if it notifies residents of this state in accordance with its procedures in the event of a breach of security of the system.
Terms Used In West Virginia Code 46A-2A-103
- Entity: includes corporations, business trusts, estates, partnerships, limited partnerships, limited liability partnerships, limited liability companies, associations, organizations, joint ventures, governments, governmental subdivisions, agencies or instrumentalities, or any other legal entity, whether for profit or not for profit. See West Virginia Code 46A-2A-101
- Financial institution: has the meaning given that term in Section 6809(3), United States Code Title 15, as amended. See West Virginia Code 46A-2A-101
- Notice: means :
(A) Written notice to the postal address in the records of the individual or entity. See West Virginia Code 46A-2A-101
- Personal information: means the first name or first initial and last name linked to any one or more of the following data elements that relate to a resident of this state, when the data elements are neither encrypted nor redacted:
(A) Social security number. See West Virginia Code 46A-2A-101
- state: when applied to a part of the United States and not restricted by the context, includes the District of Columbia and the several territories, and the words "United States" also include the said district and territories. See West Virginia Code 2-2-10
(b) A financial institution that responds in accordance with the notification guidelines prescribed by the Federal Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice is deemed to be in compliance with this article.
(c) An entity that complies with the notification requirements or procedures pursuant to the rules, regulation, procedures or guidelines established by the entity's primary or functional regulator shall be in compliance with this article.