West Virginia Executive Branch Privacy Policy: Notice, Policy No: WVEB-P105

This policy requires departments to be open regarding: 1) the authority for collecting Personally Identifiable Information (PII); 2) the purpose of the collection; 3) the location of the entity maintaining the PII; 4) with whom the PII may be shared and why; 5) the rights an individual has; and 6) the department’s PII policies, procedures, standards and practices. This notice must also include a statement of how the individual’s PII is to be appropriately secured. The policy instructs on notice delivery and specific notice requirements for: 1) use of social security numbers; 2) HIPAA covered entities; 3) financial institutions; 4) information collected on children under the age of thirteen (13); and, 5) electronic transactions.
West Virginia Executive Branch Privacy policy and procedure is not based on any one federal or state privacy law. This privacy policy/procedure materially addresses the various requirements of the majority of the laws and regulations with which the West Virginia Executive Branch must comply and serves as a foundation or baseline. There are twenty-four related federal laws and twenty-eight state laws that govern various aspects of the West Virginia Executive Branch privacy program.
For highly regulated PII, law requires specific statements be contained within the privacy notice, and they are identified in policy. Federal law governing specific types of information include: Privacy Act of 1974, Section 7, 5 U.S.C. § 552a (note); the Health Insurance Portability and Accountability Act Privacy Rule, 45 CFR Part 164; Gramm-Leach-Bliley Act, 15 U.S.C. § 6801, 16 C.F.R. § 313; 72 Fed. Reg. 62890; and, Children’s On-line Privacy Protection Act, 15 U.S.C. § 6501 et seq., 16 C.F.R. Part 312.
Summaries of West Virginia’s Privacy Requirements may be found at http://privacy.wv.gov/SiteCollectionDocuments/Legal/2016%20Privacy%20Requirements%20FINAL.pdf
This policy is not more stringent than similar federal law.