This policy requires a department to implement appropriate management, operational, physical and technical controls to preserve the privacy, confidentiality, integrity and accessibility of Personally Identifiable Information (PII). Its standards require each Department to be in compliance with: 1) the policies and procedures of the Office of Technology (OT) and the Board of Risk and Insurance Management; and 2) legal requirements, regarding PII, established by federal law, state law and Executive Order. It instructs on the use of controls with regard to Sensitive Personal Information (SPI) and prohibitions of use of SPI. Other standards include: network security; media sanitization, record retirement and disposal; maintenance; hard copy security; and personnel security training.
West Virginia Executive Branch Privacy policy and procedure is not based on any one federal or state privacy law. This privacy policy/procedure materially addresses the various requirements of the majority of the laws and regulations with which the West Virginia Executive Branch must comply and serves as a foundation or baseline. There are twenty-four related federal laws and twenty-eight state laws that govern various aspects of the West Virginia Executive Branch privacy program.
Summaries of West Virginia’s Privacy Requirements may be found at http://privacy.wv.gov/SiteCollectionDocuments/Legal/2016%20Privacy%20Requirements%20FINAL.pdf
This policy is not more stringent than similar federal law.
West Virginia Executive Branch Privacy Policy: Security Safeguards, Policy No: WVEB-P106
Details
Type: PolicyAgency: Risk And Insurance Management
CSR Number: none supplied
Effective Date: August 1, 2009
Summary
Submitter Details
Name: Sue HagaEmail: sue.c.haga@wv.gov
Phone: 304-766-2646