Virginia may join California as the second US state to enact a comprehensive data-privacy law as soon as next week.

On January 29^th the Virginia House of Delegates voted 89-9 to pass HB2307 and sent the bill to the state Senate, which is also moving forward with an identical bill (SB 1392) that is currently before the Senate Finance Committee. Because Virginia’s legislative session is extremely short, absent an extension, the Virginia Senate has less than two weeks to approve the bill before the state legislature adjourns for the year

Like the California Consumer Privacy Act (CCPA), the Virginia bills would give consumers the right to access their data, correct inaccuracies, and request the deletion of information. Virginia residents would also be able to opt out of data collection

for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

Unlike the CCPA and the newly enacted California Privacy Rights Act (which will go into effect in 2023), violations of the Virginia law would be enforced exclusively by the state attorney general, which can seek damages for up to $7,500 for each violation, with no private right of action specified for data breaches.

If passed, the Virginia legislation would take effect on January 1, 2023.