Bill Summary – FastDemocracy

The proposed bill seeks to strengthen cybersecurity and consumer data protection in West Virginia by introducing two new articles: the Safe Harbor for Cybersecurity Programs and the Consumer Data Protection Act. It provides businesses with an affirmative legal defense against punitive damages in data breach lawsuits, contingent upon maintaining a written cybersecurity program with specific safeguards for personal information. The bill also clarifies that no private right of action is created under this article and grants immunity to higher education institutions offering cybersecurity assessment programs. Additionally, it establishes definitions for key terms, outlines requirements for cybersecurity programs, and emphasizes the importance of consumer consent for data processing activities.

The Consumer Data Protection Act creates a framework for managing personal data, applying to businesses that handle significant amounts of consumer data. It delineates the responsibilities of data controllers and processors, grants consumers rights to access and manage their data, and sets standards for data protection assessments. The bill mandates that controllers respond to consumer requests within 45 days and outlines conditions for compliance, including exemptions for certain entities and types of data. Enforcement is designated to the Attorney General, who must provide a 60-day notice before taking action for violations, with civil penalties of up to $7,500 per violation. Overall, the legislation aims to enhance consumer privacy rights and establish accountability for businesses handling personal data, with provisions set to take effect on July 1, 2026.
Statutes affected: 
Introduced Version: 31A-8H-1, 31A-8H-2, 31A-8H-3, 31A-8H-4, 31A-8H-5, 46A-6O-1, 46A-6O-2, 46A-6O-3, 46A-6O-4, 46A-6O-5, 46A-6O-6, 46A-6O-7, 46A-6O-8, 46A-6O-9, 46A-6O-10, 46A-6O-11, 46A-6O-12, 46A-6O-13
Committee Substitute: 31A-8H-1, 31A-8H-2, 31A-8H-3, 31A-8H-4, 31A-8H-5, 46A-6O-1, 46A-6O-2, 46A-6O-3, 46A-6O-4, 46A-6O-5, 46A-6O-6, 46A-6O-7, 46A-6O-8, 46A-6O-9, 46A-6O-10, 46A-6O-11
Engrossed Committee Substitute: 31A-8H-1, 31A-8H-2, 31A-8H-3, 31A-8H-4, 31A-8H-5, 46A-6O-1, 46A-6O-2, 46A-6O-3, 46A-6O-4, 46A-6O-5, 46A-6O-6, 46A-6O-7, 46A-6O-8, 46A-6O-9, 46A-6O-10, 46A-6O-11