Scope Like CCPA, VCDPA applies to companies or persons that "do business" in, or target citizens of, the state and utilizes certain quantitative thresholds to identify which entities may be subject to the law, such as collecting or processing a requisite amount of Virginia residents' personal information. However, when comparing VCDPA's jurisdictional analysis to that of CCPA, a standalone revenue threshold (see Note 2) is notably absent; simultaneously bringing "smaller" companies with large amounts of data under the statute while potentially allowing "larger" companies to escape its reach. Although the "Big Three" (GDPR, CCPA, and VCDPA) share in a broad definition of personal data, VCDPA diverges from its cousins in the treatment of employees and individuals acting in a business capacity. Unlike CCPA, which has a temporary partial carve-out for employees and B2B information, the VCDPA expressly excludes persons acting in a commercial or employment context from the definition of "consumers."