July 1, 2022

Volume XII, Number 182

Advertisement
Advertisement

July 01, 2022

Subscribe to Latest Legal News and Analysis

June 30, 2022

Subscribe to Latest Legal News and Analysis

June 29, 2022

Subscribe to Latest Legal News and Analysis

Virginia Amends the VCDPA Ahead of January 1, 2023 Effective Date

On April 11, 2022, Virginia Governor Glenn Youngkin signed into law three bills that amend the Virginia Consumer Data Protection Act (“VCDPA”) ahead of the VCDPA’s January 1, 2023 effective date. The bills, HB 381HB 714 and SB 534, (1) add a new exemption to the VCDPA’s right to delete; (2) modify the VCDPA’s definition of “nonprofit”; and (3) abolish the Consumer Privacy Fund.

A summary of the bills is as follows:

  • HB 381 – The bill adds a new exemption to the right to delete, providing that “a controller that has obtained personal data about a consumer from a [third party] shall be deemed in compliance with a consumer’s request to delete […] by either (i) retaining a record of the deletion request and the minimum data necessary for the purpose of ensuring the consumer’s personal data remains deleted […] and not using such retained data for any other purpose […] or (ii) opting the consumer out of the processing of such personal data for any purpose except for those exempted pursuant to [the VCDPA].” (An identical bill, SB 393, was vetoed by the governor.)

  • HB 714/SB 534 (identical bills) – These bills redefine “nonprofit” to include political organizations and certain § 501(c)(4) organizations and, therefore, exempt these organizations from the VCDPA’s requirements. The bills also abolish the Consumer Privacy Fund and provide that all civil penalties, expenses and attorney’s fees collected from enforcement of the VCDPA shall be deposited into the Regulatory, Consumer Advocacy, Litigation and Enforcement Revolving Trust Fund.

Notably, the VCDPA does not authorize a rulemaking process, so these amendments finalize the text of the VCDPA going into its January 1, 2023 effective date.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XII, Number 118
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement