This article was originally published in the May 2021 issue of Used Car Dealer Magazine. Privacy and data security. If you don't have those issues on your radar, you should. Dealers have always had data privacy and safeguarding responsibilities. Nothing new here. But a change is coming. The basic privacy and data security concepts and requirements we've grown accustomed to are expanding - actually, transforming - into fundamental and robust consumer privacy rights. Data security is also evolving from a general set of principle-based requirements to more obligations. The Virginia legislature recently enacted a comprehensive consumer data privacy law called the Virginia Consumer Data Protection Act. The VCDPA follows the California Consumer Privacy Act - the nation's first comprehensive consumer data privacy law, which became effective last year. Californians were not content with the CCPA, so in November they passed the Consumer Privacy Rights Act through a ballot initiative. The new law, which becomes effective Jan. 1, 2023, beefed up the state's already comprehensive privacy and data requirements. Other states are currently considering similar legislation, including Washington, Texas, Utah, Arizona, New Mexico, Oklahoma, Alabama, Florida, South Carolina, Kentucky, Illinois, Minnesota, Nebraska, North Dakota, Pennsylvania, New Jersey, Maryland, New York, Connecticut, Rhode Island and New Hampshire. While some are more likely than others to pass such a law, the takeaway is more extensive, all-encompassing privacy and data security rights and requirements likely will soon be in place throughout much of the U.S.