The bill applies to businesses processing consumers’ personal data or deriving a portion of gross revenue from the sale of personal data. It is expected to be signed by Gov. Ralph Northam in the coming weeks.
(SB1392) was introduced in the Virginia Senate)
Status: The House and Senate approved the respective bill versions, and they now move to a reconciliation and signature by Virginia Governor Ralph Northam before the legislative session wraps up at the end of February.
Key Points:
Differs from the CCPA in some important compliance aspects and mimics many European Union General Data Protection Regulation (GDPR) defined terms, such as “controller”, “processor” and “personal data”
Applies to businesses and individuals that conduct business in Virginia or produce products or services targeted to Virginia residents that (i) control or process personal data of 100,000 or more Virginians; or (ii) control or process personal data of 25,000 or more Virginians and derive over 50% of gross revenue from the sale of personal data
Virginia Takes Different Tack Than California With Data Privacy Law
Online businesses targeting Virginia consumers and have personal data of 100,000 consumers in the state must conform to the new statute.
Rarely do Virginia and California fall into the same legislative camp, but if the Virginia Consumer Data Protection Act is signed by its governor (as is widely expected), both states will have a sweeping data privacy act. And in the absence of a federal data privacy law, individual states continue to fill gaps centered on consumers, businesses, and the collection of data.
Who s Covered By VCDPA
Businesses that conduct business in the Commonwealth or produce products or services that are targeted to residents of the Commonwealth and that (i) during a calendar year, control or process personal data of at least 100,000 consumers or (ii) control or process personal data of at least 25,000 consumers and derive over 50% of gross revenue from the sale of personal data.
To embed, copy and paste the code into your website or blog:
When the California Consumer Privacy Act of 2018 (CCPA) became law, it was only a matter of time before other states adopt their own statutes intended to enhance privacy rights and consumer protection for residents. The Virginia legislature has passed such a measure.
On February 3, 2021, the Virginia Senate unanimously passed the Virginia Consumer Data Protection Act (VCDPA),
SB1392. The state’s House of Delegates had passed the companion bill (
HB 2307) in January. Now, legislators are working to reconcile the bills in order to send a measure to the governor’s desk before the end of February, when the legislative session concludes.
Whether it is the pending Virginia Consumer Data Protection Act, the California Consumer Privacy Act, or a similar framework, there are several features that should be considered when examining the effects of privacy laws on an organization.