To embed, copy and paste the code into your website or blog:
Virginia knocked off California’s crown as the only U.S. state to have a comprehensive, general consumer privacy law when Governor Ralph Northam signed the Virginia Consumer Data Protection Act (“
CDPA”) into law on March 2, 2021, unless you count Nevada which we warned you would stay in Vegas. The law takes effect on January 1, 2023, matching the effective date of the California Privacy Rights Act (“
CPRA”).
Here is what in-house counsel should do now to be well-positioned for compliance in 2023:
Figure out how many Virginians’ personal data your organization processes to determine whether the CDPA applies to your organization. As discussed below, the CDPA applies only to certain for-profit entities based on processing thresholds.
Florida state legislature is considering a sweeping data privacy bill giving consumers greater control over how their personal information is used while imposing greater restrictions on companies’ use of that data.
To embed, copy and paste the code into your website or blog:
On March 2, 2021, Governor Northam signed into law Virginia’s own Consumer Data Protection Act (“Virginia CDPA” or the “Act”), a bill that brings together concepts from the EU’s General Data Protection Regulation (GDPR) as well as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). It is the first of its kind legislation on the East Coast. The law will go into effect on January 1, 2023.
The drafters of the Virginia CDPA appear to have benefited from observing the pitfalls and problems that arose in the development and implementation of both GDPR and CCPA. The Virginia bill deftly avoids several of those by incorporating narrower, more tailored definitions that clearly exclude categories of data and businesses over which there was (and continues to be) some confusion with respect to both the EU/UK and California compliance regimes. It also adopts, in concept, the framework
To embed, copy and paste the code into your website or blog:
Earlier this week, the Commonwealth of Virginia became the second state to enact comprehensive consumer data privacy legislation, joining California. On March 2, Governor Ralph Northam signed the Consumer Data Protection Act (CDPA) into law, as he was widely expected to do. The CDPA garnered widespread support in Virginia’s House and Senate and was pushed across the goal line in Richmond relatively quickly.
The CDPA establishes a framework for controlling and processing personal data in Virginia. At a high level, it:
Applies to an entity or individual that conducts business in Virginia or targets their products or services to Virginia residents and that meets minimum thresholds for controlling and processing (or selling) personal data;
Today’s columnist, Steve Dickson of Netwrix, says that staying compliant with data privacy regulations like CCPA and GDPR requires storing sensitive data in secure locations.