Virginia Passes New Data Protection Law

Virginia Passes New Data Protection Law

Virginia governor Ralph Northam has signed a new state data protection act into law. 

The Virginia Consumer Data Protection Act (CDPA) requires people conducting business in the Commonwealth of Virginia to comply with a novel set of data security and privacy requirements. 

The CDPA, which mirrors some of the provisions laid out in the EU's General Data Protection Regulation (GDPR), comes into effect on January 1, 2023. 

Businesses found to have violated the CDPA will be given 30 days to correct their behavior before they are fined up to $7,500 per violation by the Virginia attorney general. 

While similarities exist between the CDPA and the GDPR and also between the CDPA and the California Consumer Privacy Act (CCPA) that took effect on January 1, 2020, the laws are different enough so that compliance with one does not equal compliance with the other. 

Under the CDPA, Virginia residents have the right to view and obtain the personal data held by a covered entity, to correct errors in it, and to delete it. 

Other consumer rights granted to Virginians under the new law allow them to opt out of processing of personal data for targeted advertising purposes and to appeal the denial of a business to act on a request within a time frame of 45 days.

Consumers cannot take legal action against a business if they believe their CDPA rights have been violated as the new law contai ..