To embed, copy and paste the code into your website or blog:
Virginia recently joined California in enacting a comprehensive data protection law intended to protect the privacy of its residents. The Virginia Consumer Data Protection Act (the “VCDPA”) is scheduled to take effect on January 1, 2023, so impacted businesses have significant lead time to prepare. This is the first of two posts covering the VCDPA.
The VCDPA has two main goals: (1) providing Virginia residents with expanded rights in connection with their personal data, and (2) imposing obligations on businesses, such as securing personal data, limiting use of personal data to disclosed purposes, and flowing down requirements to processors receiving personal data. While many of the details differ, the overall approach of the VCDPA is very reminiscent of the European Union’s General Data Protection Regulation (“GDPR”) but without some of the more prescriptive elements. Businesses with existing GDPR or Cal
To print this article, all you need is to be registered or login on Mondaq.com.
In what could be a harbinger of the future regulation of
artificial intelligence (AI) in the United States, the European
Commission published its recent proposal for regulation of AI systems. The
proposal is part of the European Commission s larger European strategy for data, which seeks to defend and promote European values and rights in how we
design, make and deploy technology in the economy. To this
end, the proposed regulation attempts to address the potential
risks that AI systems pose to the health, safety, and fundamental
Thursday, May 6, 2021
The SolarWinds hack highlights the critical need for organizations of all sizes to include cyber supply chain risk management as part of their information security program. It is also a reminder that privacy and security risks to an organization’s data can come from various vectors, including third party vendors and services providers. By way of example, the Pennsylvania Department of Health recently announced a data security incident involving a third-party vendor engaged to provide COVID-19 contact tracing. The personal information of Pennsylvania residents was potentially compromised when the vendor’s employees used an unauthorized collaboration channel.
Protecting against these risks requires maintaining and implementing a third-party vendor management policy, a critical and often overlooked part of an organization’s information security program. Appropriate vendor management helps guard against threats to an organization’s data posed
To embed, copy and paste the code into your website or blog:
What Businesses in Tennessee and Across the U.S. Can Take From Virginia’s New Consumer Data Protection Act
Virginia Gov. Ralph Northam recently signed the Virginia Consumer Data Protection Act (VCDPA) into law, making Virginia the second state, following California, to adopt comprehensive consumer data privacy legislation.
Like the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR), the new law gives Virginia consumers more control over how businesses collect and use their personal data. The law also creates security and assessment requirements for businesse
Scope
Like CCPA, VCDPA applies to companies or persons that do business in, or target citizens of, the state and utilizes certain quantitative thresholds to identify which entities may be subject to the law, such as collecting or processing a requisite amount of Virginia residents personal information. However, when comparing VCDPA s jurisdictional analysis to that of CCPA, a standalone revenue threshold (see Note 2) is notably absent; simultaneously bringing smaller companies with large amounts of data under the statute while potentially allowing larger companies to escape its reach.
Although the Big Three (GDPR, CCPA, and VCDPA) share in a broad definition of personal data, VCDPA diverges from its cousins in the treatment of employees and individuals acting in a business capacity. Unlike CCPA, which has a temporary partial carve-out for employees and B2B information, the VCDPA expressly excludes persons acting in a commercial or employment context from the definition of