Skip to main content

Virgin Islands

Click here to review text of state statute (see V.I. Code, Title 14, Chapter 110, Subchapter I,  §2209 et seq.)

Return to Index of States

Click here to download a print-version of the Mintz Matrix

Information Covered / Important Definitions

Information covered:

Personal information of Virgin Islands residents.

Important definitions:

“Security Breach” means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the covered entity.

Covered Entities* / Third Party Recipients

Subject to statute:

Any person or business that conducts business in the Virgin Islands, and that owns or licenses computerized data that includes personal information.

Third party recipients:

Any covered entity that maintains computerized data that includes personal information that the covered entity does not own must notify the owner or licensee of the information of any security breach immediately following discovery of the breach.

Notice Procedures & Timing / Other Obligations

Written or electronic notice must be provided to victims of a security breach within the most expedient time possible and without unreasonable delay, unless a law enforcement agency determines that notice will impede a criminal investigation (in which case notification is delayed until authorized by law enforcement).

  • Substitute notice is available by means prescribed in the statute if costs to exceed $100,000, affected class exceeds 50,000 persons, or covered entity has insufficient contact information.

Encryption Safe Harbor / Other Exemptions

Encryption Safe Harbor:

Statute not applicable if the personal data that was lost, stolen, or accessed by an unauthorized individual is encrypted.

Other exemptions:

Exemption for good faith acquisition of personal information by an employee or agent of the covered entity for the purposes of the covered entity so long as the personal information is not used or subject to further unauthorized disclosure.

Notification to Regulator / Waiver

waiver of the statute is void and unenforceable.


Businesses that violate the statute may be enjoined.

Customers injured by a violation may commence a civil action to recover damages.

Private Cause of Action / Enforcement

Private Cause of Action: Yes.


Note: Please refer to individual state statutes for a complete list of covered entities as the list of legal and commercial entities described in this chart as “subject to statute” in most cases is not exhaustive.  Please also note that rules applicable to state agencies, government bodies and other public institutions are not discussed in this chart.

Click here to review text of state statute (see V.I. Code, Title 14, Chapter 110, Subchapter I,  §2209 et seq.)

Return to Index of States

Click here to download a print-version of the Mintz Matrix

Subscribe To Viewpoints