July 2, 2022

Volume XII, Number 183

Advertisement
Advertisement

July 01, 2022

Subscribe to Latest Legal News and Analysis

June 30, 2022

Subscribe to Latest Legal News and Analysis

June 29, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

Virginia Amends New Privacy Law

Governor Glenn Youngkin of Virginia recently approved legislation to amend the Virginia Consumer Data Protection Act (VCDPA). In a time when data privacy bills creep through state legislatures only to die in committee, Virginia has not only passed a privacy law, but has also now amended that law. Three bills were recently signed by the Governor to amend the VCDPA.  The first, H 381, adds an exemption to the right to delete. Specifically, the new language states that data controllers that have obtained personal data about a consumer from a source other than the consumer shall be deemed in compliance with a consumer’s request to delete such data by either: (1) retaining a record of the deletion request and the minimum data necessary for the purpose of ensuring the consumer’s personal data remain deleted from the business’s records and not using such retained data for any other purpose; or (2) opting the consumer out of the processing of such personal data for any purpose except for those exempted pursuant to the VCDPA.

The second amendment to the VCDPA, S 534, abolishes the Consumer Privacy Fund previously established by the VCDPA, and provides that “[a]ll civil penalties, expenses, and attorney fees collected pursuant to this chapter shall be paid into the state treasury and credited to the Regulatory, Consumer Advocacy, Litigation, and Enforcement Revolving Trust Fund.”

The third amendment to the VCDPA, also in S 534, redefines the phrase “nonprofit organization” to now include any political organization that is exempt from taxation under section 501(c)(3) of the Internal Revenue Code. The bill states that “[p]olitical organization means a party, committee, association, fund, or other organization, whether or not incorporated, organized and operated primarily for the purpose of influencing or attempting to influence the selection, nomination, election, or appointment of any individual to any federal, state, or local public office or office in a political organization or the election of a presidential/vice-presidential elector, whether or not such individual or elector is selected, nominated, elected, or appointed.” Nonprofits that meet this new definition will not have to comply with the VCDPA. All of these changes are effective January 1, 2023.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XII, Number 104
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Deborah A. George, Robinson Cole, Cybersecurity lawyer
Counsel

Deborah George is a member of the firm’s Business Litigation Group as well as its Data Privacy + Cybersecurity Team.

Deb advises clients on and focuses her practice on data privacy and security, cybersecurity, and compliance with related state and federal laws. She also has experience providing counsel in civil litigation and employment law matters.  She has significant experience offering advice and counsel on legal issues related to human services agencies, including Medicaid, as well as  drafting and reviewing contracts, business associate agreements, and data use agreements. ...

401.709.3363
Advertisement
Advertisement
Advertisement