01 / THE DISPOSAL LAWWest Virginia's recovery program
West Virginia's Covered Electronic Devices Recycling Act takes a producer-responsibility approach: manufacturers of covered devices — computers, monitors, and televisions — must register, label products, and support recovery and recycling. West Virginia does not impose a statewide landfill ban on those devices.
That lighter touch does not mean a business can dispose of IT equipment freely. Components regulated as hazardous waste fall under federal RCRA, and data-bearing devices carry HIPAA and GLBA obligations. Bottom line: with less prescriptive state recycling law, the federal floor and your own documentation become the controlling requirements.
02 / THE BREACH LAWNo AG notice — but the duty stands
West Virginia's breach-notification statute (W.Va. Code § 46A-2A-101 et seq.) requires a business to notify affected residents without unreasonable delay following a breach of their personal information. It does not mandate notifying the Attorney General; consumer reporting agencies must be notified when more than 1,000 residents are affected.
A lighter notification regime does not reduce the underlying exposure: a lost or stolen unsanitized drive is still a breach of the residents whose data it held. Bottom line: media destroyed to NIST 800-88 with documentation is not exposed data — the cleanest way to avoid notifying anyone at all.
03 / WHAT IT MEANSOne certified process satisfies both
Read together, West Virginia's rules point the same direction. An organization retiring IT equipment in West Virginia has to handle the device lawfully (no statewide landfill ban, but federal hazardous-waste rules apply) and be able to prove the data on it is gone under the state's breach-notification law. Handled separately, those are two compliance tracks. Handled as one certified IT asset disposition process, they collapse into a single workflow: compliant recycling, documented NIST 800-88 data destruction with serialized certificates, and an unbroken chain of custody.
That combined standard is what an R2v3, NAID AAA, and RIOS-certified provider is built to deliver. CyberCrunch is headquartered in Greensburg, Pennsylvania, and serves organizations across West Virginia and all 50 states with on-site and facility-based destruction and documented recycling.
04 / SOURCESWhere this comes from
- West Virginia breach law (W.Va. Code § 46A-2A-101); see IAPP state breach-notification chart — source
- West Virginia Covered Electronic Devices Recycling Act — ERI state e-waste legislation overview — source
This page is provided for general informational purposes only and reflects publicly available sources as of June 2026. It is not legal advice and does not create an attorney-client relationship. Laws and regulations change frequently and are subject to interpretation; CyberCrunch makes no representation or warranty as to the accuracy, completeness, or currency of this information and assumes no liability for any reliance on it. Always do your own research and confirm the current requirements for your organization with qualified legal counsel before acting.
05 / FAQFrequently asked questions
Does West Virginia ban electronics from landfills?
No. West Virginia's Covered Electronic Devices Recycling Act is a manufacturer-recovery program and sets no statewide landfill ban — but federal RCRA hazardous-waste rules still govern much business IT equipment.
Who handles electronics recycling in West Virginia?
Manufacturers must register and support recovery and recycling of covered devices; businesses arrange compliant recycling for their own equipment.
When must a West Virginia organization report a data breach?
Affected residents must be notified without unreasonable delay. The Attorney General is not required to be notified; consumer reporting agencies are notified when more than 1,000 residents are affected.
Does destroying a drive remove breach-notification risk?
Media sanitized or destroyed to NIST 800-88 standards, with documentation, is not exposed data — the practical defense against a disposal-driven breach.