Last month, the Virginia Consumer Data Protection Act was signed into law, making Virginia the second state in the nation to enact comprehensive data privacy legislation. The Act resembles and adopts some terms from the California Consumer Privacy Act (“CCPA”); the California Privacy Rights Act of 2020, which amends and expands the CCPA; and the European Union’s General Data Protection Regulation (“GDPR”). However, the Act contains a number of distinctive provisions, compliance with which will require covered entities to adjust their privacy policies and practices, even if they are already CCPA and GDPR compliant, rendering the existing patchwork of state and national privacy laws even more complex.
Please click here to read our full alert memorandum summarizing key elements of the Act and highlighting key similarities and differences with the CCPA and GDPR.