'Most Innovative Startup 2020' by RSA - Watch the videoLearn More
Virginia has become the next US state to pass a comprehensive consumer data protection law which can be considered to be at par with other major state data privacy laws i.e the California Consumer Protection Act (CCPA) -or the recently passed Consumer Privacy Rights Act (CPRA)- and Washington Privacy Act (WPA). This new law shall provide comprehensive privacy rights to state residents of Virginia and impose a new set of obligations and duties on businesses managing consumer personal data.
All consumers may invoke the following rights by sending a verified request to the data controller (in case of a child, the parent/guardian may send the request on behalf of the child):
The VCDPA does not apply to:
The Virginia Attorney General may issue a civil investigative demand to any controller or processor believed to be engaged in, or about to engage in, any violation.
The state AG also retains exclusive authority to enforce the VCDPA by bringing an action in the name of the Commonwealth, or on behalf of persons residing in the Commonwealth as well as reasonable expenses incurred in investigating and preparing the case, including attorney fees against violators.
Thus covered businesses must comply with the law or face civil penalties for non-compliance up to $7500 for each violation as well as an injunction to stop the violation from further continuing.
The multi-disciplinary practice to grow trust-equity of your brand and comply with privacy regulations.Get the Book
“By leveraging the PrivacyOps constructs from this book across our organization we were able to not only save time and money but also mitigate the risks associated with manual methods of privacy management.”
- Marty Collins, Chief Privacy and Legal Officer, QuinStreet, Inc