Simpson33 / Getty Images
On March 2, Virginia s Democratic Governor Ralph Northam signed into law the nation s second major piece of state legislation that governs consumer data privacy and protection. Virginia s Consumer Data Protection Act (CDPA) follows the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020. In a referendum last fall, California citizens voted to amend the CCPA by approving the California Privacy Rights and Enforcement Act (CPRA), which will mostly go into effect on January 1, 2023.
All three laws follow the European Union s landmark data protection law, the General Data Protection Regulation (GDPR), implemented on May 25, 2018. Although the CCPA, CPRA and CDPA borrow heavily from the GDPR, each data privacy vehicle contains provisions that vary from the other laws.
For what seemed like an eternity (okay, just a couple years), the California Consumer Privacy Act was the only game in town when it came to state-level, comprehensive privacy legislation. Sure, we saw many other states introduce similar bills, and Washington got close a couple times to passing the Washington Privacy Act. Those all died on the vine, however. In fact, California was the only state after itself to see passage of anything really big, with the California Privacy Rights Act (which amends the CCPA, and is
not a separate, new law) gaining passage in the November 2020 election.
All to which Virginia has recently stepped forward and said, “Hold my … authenticated consumer request.” The Virginia Consumer Data Protection Act (or VACDPA, as I prefer to call it) is a comprehensive privacy bill that was just signed into law by Governor Northam on March 2, and shows influences from both the CCPA and Europe’s General Data Protection Regulation (GDPR).
On March 2, 2021, Virginia Governor Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA). The law passed the state legislature with strong bipartisan support..
Five senior compliance practitioners tell us how their companies have reacted to recent privacy legislation like the GDPR, CCPA, and other state regulations in the pipeline.
To embed, copy and paste the code into your website or blog:
We have long predicted that just as other states followed California in passing breach notification laws, states would follow in California’s footsteps in regulating information privacy practices with the California Consumer Privacy Act of 2018 (CCPA), which was later amended by the California Privacy Rights Act of 2020 (CPRA). [1] The Virginia state legislature recently became the first state to do so, surprising many with news that it quickly passed and signed into law comprehensive privacy legislation, namely the Virginia Consumer Data Protection Act (CDPA). Like the CCPA, Virginia’s CDPA builds on the Fair Information Privacy Principles (FIPP), making many of the lessons learned implementing the CCPA applicable here. The CDPA will take effect January 1, 2023.