We have long predicted that just as other states followed California in passing breach notification laws, states would follow in California’s footsteps in regulating information privacy practices with the California Consumer Privacy Act of 2018 (CCPA), which was later amended by the California Privacy Rights Act of 2020 (CPRA).[1] The Virginia state legislature recently became the first state to do so, surprising many with news that it quickly passed and signed into law comprehensive privacy legislation, namely the Virginia Consumer Data Protection Act (CDPA). Like the CCPA, Virginia’s CDPA builds on the Fair Information Privacy Principles (FIPP), making many of the lessons learned implementing the CCPA applicable here. The CDPA will take effect January 1, 2023.

This five-part series on Virginia’s CDPA provides a detailed overview of the act, and how it compares to California’s approach to privacy under the CCPA and CPRA. The series will be divided into the following parts:

  1. Introduction and Overview
  2. Consumer Rights
  3. Notice and Disclosure Obligations
  4. Data Processing Obligations
  5. Enforcement

At the conclusion of the series, Troutman Pepper will host a webinar on the Virginia CDPA on April 15, 2021. Please click here to register.

  • Installment No. 1: Introduction and Overview

Available: here

  • Installment No. 2: Consumer Rights

Available: here

  • Installment No. 3: Notice and Disclosure Obligations

Available: here

  • Installment No. 4: Data Processing Obligations

Available: here

  • Installment No. 5: Enforcement

Available: April 1, 2021


 

[1] Unless stated otherwise, the term “CCPA” is intended to reference the CCPA and CPRA in general. Where we felt it was necessary to draw a distinction between the CCPA and CPRA, we did so by explicitly stating such.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Ashley L. Taylor, Jr. Ashley L. Taylor, Jr.

Ashley is a partner in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group, and focuses primarily on federal and state government regulatory and enforcement matters involving state attorneys general, the Consumer Financial Protection Bureau (CFPB), and the Federal Trade Commission (FTC).

Ashley is a partner in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group, and focuses primarily on federal and state government regulatory and enforcement matters involving state attorneys general, the Consumer Financial Protection Bureau (CFPB), and the Federal Trade Commission (FTC). He serves as a member of the firm’s Policy and Partner Compensation committees.

Photo of David N. Anthony David N. Anthony

David Anthony handles litigation against consumer financial services businesses and other highly regulated companies across the United States. He is a strategic thinker who balances his extensive litigation experience with practical business advice to solve companies’ hardest problems.

Photo of Julie D. Hoffmeister Julie D. Hoffmeister

Julie is an associate primarily focusing on financial services litigation. She defends consumer-facing companies of all types in individual claims and class actions, including claims under the Fair Credit Reporting Act (FCRA), the Driver’s Privacy Protection Act (DPPA), and the Telephone Consumer Protection…

Julie is an associate primarily focusing on financial services litigation. She defends consumer-facing companies of all types in individual claims and class actions, including claims under the Fair Credit Reporting Act (FCRA), the Driver’s Privacy Protection Act (DPPA), and the Telephone Consumer Protection Act (TCPA). Julie also applies her litigation knowledge in assisting businesses in developing compliance processes and procedures for the myriad federal consumer protection laws.

Photo of Sadia Mirza Sadia Mirza

Sadia dedicates her practice to counseling clients on cutting-edge privacy and cybersecurity issues. Clients turn to her for pre-incident response planning and preparedness, and also call her when the first sign of a security incident/data breach appears. Given her years of experience coaching

Sadia dedicates her practice to counseling clients on cutting-edge privacy and cybersecurity issues. Clients turn to her for pre-incident response planning and preparedness, and also call her when the first sign of a security incident/data breach appears. Given her years of experience coaching clients through security incidents, Sadia is heavily involved with data breach regulatory and litigation matters, which gives her a 360-view and understanding of the issues most important and relevant to her clients.

Photo of Edgar Vargas Edgar Vargas

Edgar is a Certified Information Privacy Professional (CIPP/US). He assists clients on compliance and litigation issues, including issues regarding privacy and cybersecurity laws. He is fluent in Spanish, allowing him to effectively communicate with and serve Spanish speaking clients.

Photo of Ronald I. Raether, Jr. Ronald I. Raether, Jr.

Ron is known as the interpreter between businesses and information technology. This experience allows him to bring a fresh and creative perspective to data compliance issues with the knowledge and historical perspective of an industry veteran.