Virginia has become the latest state to pass comprehensive privacy legislation as its legislature voted to enact SB 1392, known as the Consumer Data Protection Act (the "Act"). Although.
No
Yes – private plaintiffs can seek the greater of actual damages or $500 for violations under the VCDPA, and for willful actions, treble damages or $1,000, whichever is greater.
Yes (limited) – private plaintiffs can seek damages of not less than $100 and not more than $750, whichever is greater, if their non-encrypted personal information or email address (together with information that would allow account access) is subject to unauthorized access due to a business’ failure to implement reasonable security measures.
Consent
Generally not required except for the processing of sensitive data.
Required where a consumer has restricted processing or a risk assessment indicates the risks of processing outweigh the benefits to the consumer.
The Florida Legislature is considering a comprehensive privacy law (HB 969) that would fundamentally change the landscape of how/whether companies do business in Florida. The bill is.
Brotman: Digital privacy laws should reflect our work from home pandemic lives roanoke.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from roanoke.com Daily Mail and Mail on Sunday newspapers.
Share:
Last week, Virginia’s house of representatives and senate passed the Consumer Data Protection Act (CDPA) with sweeping majorities.
And so, once Gov. Ralph Northam signs the bill into law, as he’s expected to do in the coming weeks, you can add “CDPA” to your list of privacy regulation initialisms.
Some are calling the CDPA, which is the second comprehensive data privacy law in the United States, Virginia’s answer to GDPR or the East Coast version of the California Consumer Privacy Act.
But the truth lies somewhere in between. The bill, which would take effect on Jan. 1, 2023 if passed, borrows from both of its high-profile predecessors.