California is no longer the lone state with a consumer data privacy law. Virginia is now on the verge of joining, pending a formal reconciliation between the Virginia House and Senate versions, as well as the governor’s signature. The Virginia Consumer Data Protection Act (CDPA) resembles California’s CCPA and Europe’s GDPR in some—but not all—aspects.
Although the CDPA will not become effective until Jan. 1, 2023, companies should get their data privacy affairs in order because other states, and eventually the federal government, will likely pass their own laws, soon enough, and they may have different obligations companies should be aware of. Accordingly, now is the time for companies to familiarize themselves with the consumer data privacy requirements, or else they risk facing significant penalties down the road.
Click here for a quick summary of the CDPA and some guidance for businesses to consider.