On March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA) into law, setting up the newest state to enact broad privacy legislation aimed at giving consumers more control over their personal data.
On March 2, 2021, Governor Northam signed the Virginia Consumer Data Protection Act (CDPA or the Act) making it the country’s second comprehensive data privacy legislation following.
To print this article, all you need is to be registered or login on Mondaq.com.
On March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA)
into law without further amendments. Virginia now joins California
as the second U.S. state to enact comprehensive privacy
legislation. The CDPA will come into effect January 1, 2023
simultaneously with California s Consumer Privacy Rights Act
(CPRA). While similar, the laws reflect somewhat differing
approaches to a consumer data law, and covered businesses should
begin preparing compliance strategies now. In particular, the new
Virginia law may well presage movement in other states, such as
[co-author: Rod Ghaemmaghami]
On March 2, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law, making Virginia the second state to enact comprehensive privacy legislation.
With the VCDPA on the books, companies have the next 22 months to prepare for the VCDPA
and the California Privacy Rights Act (CPRA) to go into effect. This post takes a look at the VCDPA provisions that are novel and require close attention during the transition period to the law’s January 1, 2023 effective date.
Sensitive Data: The VCDPA breaks new ground in U.S. privacy law by requiring consent to process “sensitive data” – a term that includes precise geolocation data; genetic or biometric data used to identify a person; and data revealing race or ethnicity, religious beliefs, health diagnosis, sexual orientation, or citizenship or immigration status. The definition of “consent,” in turn, tracks the GDPR definition: “freely given, specific, informed, and u
To embed, copy and paste the code into your website or blog:
Following in the footsteps of the California Consumer Privacy Act (CCPA), the Commonwealth of Virginia has become the second U.S. state to enact comprehensive consumer data protection legislation. The Virginia Consumer Data Protection Act (VCDPA) was signed into law by Governor Ralph Northam yesterday on March 2, 2021. The VCDPA will become effective on January 1, 2023, right alongside the recently enacted California Privacy Rights Act (CPRA), which significantly amended the CCPA (additional information on the CPRA can be found here). The following is a brief description of the VCDPA’s key components. Keep an eye out for a forthcoming article outlining the most important differences between the VCDPA and the CPRA.