MONTH-IN-BRIEF (Mar 2021)
Data Privacy
Virginia Enacts Its Own Consumer Privacy Law
By Dredeir Roberts, In House Counsel at Core States Group and ABA Business Law Fellow
On March 2, 2021 Virginia’s Governor Ralph Northam signed the Virginia Consumer Data Protection Act (the “Act”) into law. The Act targets businesses that collect or sell “Personal Data” from Virginia consumers. Personal Data is defined as “any information that is linked or reasonably linkable to an identified or identifiable natural person.” Entities excluded from the Act’s requirements include non-profits and higher education institutions. This Act grants Virginia consumers several rights with respect to Personal Data, including the right to request access, the right to correct, and the right to delete their Personal Data from company records. While there is no express private right of action in the Act, an uncured violation alleged by the attorney general could bring about fines of up to $7,500 per violation. Qualifying businesses have until January 1, 2023 to become compliant with the Act.
