This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read

Virginia Set to Enact New Privacy Law

Virginia is close to becoming the second state to pass a privacy law protecting state residents.  The Virginia Consumer Data Protection Act, which has passed both houses of the state legislature, will take effect 1/12023 once signed by the governor.  That is the same date that expanded privacy laws approved last year in California take effect.

Under the VCDPA, consumers are explicitly granted rights of access, deletion, opt-out, and correction.  Most of those rights also exist or are pending in California.  Companies subject to the Virginia law also will be required to implement data security measures including periodic data protection assessments, a first in the US.  

The bill is, however, in many ways narrower than California's rules.  It specifically exempts data processing in the commercial and employment contexts.  The definition of covered "personal data" is much narrower than the "personal information" protected in California.  The Virginia law would specifically allow sharing of data with affiliated companies.  In addition, the VCDPA provides that only the Attorney General has enforcement powers: it does not allow for companies to be sued directly by consumers.  Finally, the VCDPA applies to a narrower range of companies, generally those that process data of 100,000 Virginians annually, regardless of the company's income.  This should excuse many small and medium-sized companies from compliance than does California's law.  

Lawmakers in Virginia have passed a privacy bill similar to a law that took effect last year in California. The bill now heads to Governor Ralph Northam, who is expected to sign the measure into law. If enacted, it will take effect in 2023. The Virginia Consumer Data Protection Act (SB 1392), much like California's Consumer Privacy Act, requires companies to allow consumers to access, correct and delete personal data.


data security and privacy, insights, hill_mitzi