What You Need To Know:
Virginia has joined California in adopting a comprehensive data privacy law, with dozens of similar state laws pending.
In the absence of federal legislation, businesses must comply with different data protection requirements on a state-by-state basis.
Organizations that seek to retain a competitive edge and avoid regulatory and legal entanglements would be well-advised to accelerate–or begin–compliance efforts now.
On March 2, the Virginia Consumer Data Protection Act (VCDPA) was signed into law, becoming the second comprehensive state privacy law in the United States. The VCDPA reflects core principles from the California Consumer Privacy Act of 2018 (CCPA) and its progeny, the California Consumer Rights Act (CPRA), adopted in 2020. However, the VCDPA departs from its West Coast predecessors in certain key respects and illustrates a growing trend of U.S. data privacy laws moving closer to the European General Data Protection Regulation (GDPR).