UPDATE: Virginia Privacy Bill Signed into Law

Update: Virginia Privacy Bill Signed Into Law
Print Friendly, PDF & Email

Recently, we blogged that both houses of the General Assembly of Virginia had voted to approve the Consumer Data Privacy Act (“CDPA” or “Virginia Privacy Law”). On March 2, 2021, Virginia Governor Ralph Northam signed the CDPA into law, becoming the second state in the nation (behind only California) to pass comprehensive consumer data privacy legislation. Please note that the Virginia Privacy Law will become effective on January 1, 2023. As such, many businesses that have worked tirelessly to obtain and maintain compliance with the California Consumer Privacy Act (“CCPA”) will soon need to undertake CDPA compliance measures. Although there are many similarities between the two (2) laws, there are also important distinctions worth noting.

How do the CDPA and the CCPA compare?

Virginia Privacy Law Applicability

Prior to working toward CDPA compliance, businesses should first determine whether the Virginia Privacy Law applies to them. The CDPA will apply to people and businesses that “conduct business within [Virginia] or that produce products or services that are targeted to [Virginia] residents” and: 1) “control or process personal data of at least 100,000” Virginians during a calendar year; or 2) “control or process personal data of at least 25,000 [Virginians] and derive over 50 percent of gross revenue from the sale of personal data.” “Personal data” is defined broadly in the CDPA to include any information that is linked to or could reasonably be linked to an individual, but excludes deidentified or publicly available information. Given the relatively narrow criteria for statute applicability, the good news is that many businesses will likely not hit the thresholds that would require them to comply with CDPA regulations.

CDPA in Comparison to the CCPA

Similar to the CCPA, the CDPA affords consumers the right to access their personal data, correct any inaccuracies, request complete copies of their personal data, and direct companies to delete their personal data. Additionally, consumers have the right to opt out of: 1) the processing of their personal data for targeted advertising; 2) the sale of their personal data; and 3) data profiling.

Unlike the CCPA, the Virginia Privacy Law has received broad support from the technology industry for being comparatively industry friendly. This is due, in large part, to the following distinctions: 1) the CDPA does not provide for a private right of action and bestows exclusive enforcement authority in the Office of the Attorney General; 2) the CDPA is more aligned with Europe’s General Data Protection Regulation (“GDPR”) in that it distinguishes roles between entities as either “controllers” or “processors;” 3) the definition of “sale of personal data” in the CDPA is more narrow than that contained within the CCPA, limiting what is considered a sale to “the exchange of personal data for monetary consideration by the controller to a third party;” and 4) although both the CCPA and CPDA require businesses to obtain permission before collecting “sensitive data” (such as racial or ethnic origin, genetic data and geolocation), the CCPA has a broader definition, including such information as social security numbers, drivers’ license numbers and credit or debit card numbers.

While Virginia may be just the second state of the Union to pass consumer data privacy legislation, there are additional states hoping to follow suit in the coming months. With the specter of having to comply with a piecemeal landscape of state laws, the federal government may decide to enact legislation that will provide businesses with a more uniform set of rules to follow. Until then, businesses should monitor evolving state consumer data privacy law developments and work to become compliant with enacted regulations.

If you need assistance with consumer data privacy compliance, please email us at info@kleinmoynihan.com, or call us at (212) 246-0900.

The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.

Attorney Advertising

Similar Blog Posts:

Is a NY CCPA Law Coming Soon?

How the CPRA Law Overhauls and Updates the CCPA

I Received a CCPA Enforcement Notice! How do I Respond?

David O. Klein

David O. Klein

David Klein is one of the most recognized attorneys in the telemarketing, technology, Internet marketing, sweepstakes and telecommunications fields. Skilled at counseling clients on a broad range of technology-related matters, David Klein has substantial experience in negotiating and drafting complex licensing, marketing and Internet agreements.

Schedule a Call
In The Know

Trending Topics

New York Sweepstakes Law blog- Klein Moynihan Turco

New York Sweepstakes Law: Are You Compliant?

Print Friendly, PDF & Email

In general, a lottery exists when entrants pay for the chance to win a prize. States alone reserve the right to administer lotteries. Businesses can eliminate one element of what would otherwise be an illegal lottery, in order to transform it into a legal promotional game. If the requirement to

TCPA surveys

An Ad or not an Ad: NY Weighs in on TCPA Surveys

Print Friendly, PDF & Email

Another day, another court decision that refines constitutes a Telephone Consumer Protection Act (“TCPA”) unsolicited fax advertisement. A Manhattan-based federal court recently issued a decision that removes faxed invitations to participate in a survey from the TCPA definition of advertisement. In drawing this distinction for TCPA surveys, the Court held

NY sports gambling law- Klein Moynihan Turco

Agreement Reached to Enact NY Sports Gambling Law

Print Friendly, PDF & Email

This week, Governor Andrew Cuomo and the New York State Legislature agreed to a budget deal that will bring mobile sports betting to the State through a unique NY sports gambling law.  Upon the Governor’s signature, NY sports gambling is primed to become the nation’s largest market. However, New York

UK and US Social Media Influencer Laws

UK and US Social Media Influencer Laws

Print Friendly, PDF & Email

In September of 2020, the United Kingdom’s (“UK”) Committee of Advertising Practice (“CAP”) reviewed the Instagram accounts of 122 UK-based social media influencers to determine whether content was being properly flagged as advertising in accordance with applicable social media influencer laws. This past March, the UK Advertising Standards Authority (“ASA”)

Share on facebook
Share on google
Share on twitter
Share on linkedin