Virginia’s Data Privacy Legislation Is One Step Closer To Becoming Law
Monday, February 22, 2021
Privacy Policy on Paper
Print Mail Download i

Virginia took one step closer the end of last week to becoming the second state with its own comprehensive data privacy legislation, as the Virginia General Assembly voted to send the Consumer Data Protection Act (“CDPA”) to the desk of Governor Ralph Northam.  Governor Northam has previously expressed support for the measure and is expected to sign the bill into law.  It would take effect on January 1, 2023 and set a framework for collecting, controlling, and processing personal data in the Commonwealth of Virginia.

CPW previously shared Lydia de la Torre‘s fantastic write up of the CDPA and some of the key differences between the CDPA and the California Consumer Privacy Act (“CCPA”).  Similar to the CCPA, the CDPA would give Virginia consumers the right to access their data, correct inaccuracies, and request the deletion of information. Virginia residents would also be able to opt out of data collection under certain circumstances.  However, the CDPA does not include a private right of action for data breaches: violations of the Virginia law are enforceable only by the state Attorney General.

The CDPA applies to all persons that conduct business in Virginia or produce goods or services targeted at Virginia and either “(i) during a calendar year, control or process personal data of at least 100,000 consumers” or (ii) control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data.”  However, it does not contain an independent revenue threshold–by comparison, the CCPA applies to all businesses with an annual gross revenue of over $25 million that do business in the State of California and collect personal data from California residents.  A “consumer” is defined as “natural person who is a resident of the Commonwealth acting only in an individual or household context,” excluding those acting in commercial or employment contexts.  This is unlike the CCPA, which also applies to individuals acting in those capacities.  Similar to the CCPA, the CDPA also exempts state and local governmental entities, as well as certain categories of data and information already covered by federal law, such as protected health information governed by HIPAA.

We’ll continue to monitor the development of this important legislation for you.

© Copyright 2024 Squire Patton Boggs (US) LLP

Current Legal Analysis

More from Squire Patton Boggs (US) LLP

Relying on CAFA’s Discretionary “Home-State” Exception, Federal Court Punts Data Breach Class Action Back to State Court
by: Amy Brown Doolittle , Katherine A. Spicer
Subchapter V Debt Limit: Don’t Get Caught Assuming Congress Will Act (It Probably Will…But Still) (US)
by: Kelly E. Singer
FTC Bans Non-Competes Throughout the United States – Legal Challenges Already Filed (US)
by: Paul Erian
Workplace Harassment in Germany: Questions Over Compensation
by: Anna-Maria Hesse
When the EDPB is Weaponized, It Is Our Privacy That Is at Risk
by: Charles-Albert Helleputte
The Ohio Supreme Court Updates its Writing Manual
by: Appellate & Supreme Court Group Squire Patton Boggs
The General Code in Bite-Sized Chunks ­– Proportionality is the Special Ingredient
by: Matthew Giles
Relying on CAFA's Discretionary "Home-State" Exception, Federal Court Punts Data Breach Class Action Back to State Court
by: Amy Brown Doolittle , Katherine A. Spicer
Why the Taylor Swift AI Scandal is Pushing Lawmakers to Address Pornographic Deepfakes
by: Susie Ruiz-Lichter
The Potential Mushroom Effect of the USPTO’s Mushrooming Patent Application Fees
by: Woli I. Urbe , Frank L. Bernstein

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins