Legal Operations » There’s More than One Privacy and Data Protection Law in Virginia

There’s More than One Privacy and Data Protection Law in Virginia

December 1, 2022

paperless-workplace-idea-esigning-electronic-signature-document-an-picture-id1349390515

On January 1, 2023, Virginia’s Consumer Data Protection Act (CPDA) will take effect. It provides rights, contractual provisions and security obligations, a broad definition of “personal information, a “sensitive data” category and data protection assessment obligations for data controllers. Virginia has other privacy and data protection legislation, however, that predates the CDPA. The Personal Information Privacy Act restricts the sale of customers’ personal information by merchants and limits the use of social security numbers. The Insurance Data Security Act, effective as of July 2020, requires insurance licensees to maintain the security of information systems and nonpublic information and investigates cyber security events. The Data Breach Law, enacted in 2008, requires state agencies and entities doing business in Virginia to notify individuals of any breach of their computerized, unredacted, and unencrypted personal information, with violations enforced by the Attorney General, who may seek up to $150,000 in penalties per breach.

Critical intelligence for general counsel

Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top