We have long predicted that just as other states followed California in passing breach notification laws, states would follow in California’s footsteps in regulating information privacy practices with the California Consumer Privacy Act of 2018 (CCPA), which was later amended by the California Privacy Rights Act of 2020 (CPRA).[1] The Virginia state legislature recently became the first state to do so, surprising many with news that it quickly passed and signed into law comprehensive privacy legislation, namely the Virginia Consumer Data Protection Act (CDPA). Like the CCPA, Virginia’s CDPA builds on the Fair Information Privacy Principles (FIPP), making many of the lessons learned implementing the CCPA applicable here. The CDPA will take effect January 1, 2023.

This five-part series on Virginia’s CDPA provides a detailed overview of the act, and how it compares to California’s approach to privacy under the CCPA and CPRA. The series will be divided into the following parts:

  1. Introduction and Overview
  2. Consumer Rights
  3. Notice and Disclosure Obligations
  4. Data Processing Obligations
  5. Enforcement

At the conclusion of the series, Troutman Pepper will host a webinar on the Virginia CDPA on April 15, 2021. Please click here to register.

  • Installment No. 1: Introduction and Overview

Available: here

  • Installment No. 2: Consumer Rights

Available: here

  • Installment No. 3: Notice and Disclosure Obligations

Available: here

  • Installment No. 4: Data Processing Obligations

Available: here

  • Installment No. 5: Enforcement

Available: April 1, 2021


 

[1] Unless stated otherwise, the term “CCPA” is intended to reference the CCPA and CPRA in general. Where we felt it was necessary to draw a distinction between the CCPA and CPRA, we did so by explicitly stating such.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Ronald I. Raether, Jr. Ronald I. Raether, Jr.

Ron leads the firm’s Privacy + Cyber team. Drawing from nearly 30 years of experience, he provides comprehensive services to companies in all aspects of privacy, security, data use, and risk mitigation. Clients rely on his in-depth understanding of technology and its application

Ron leads the firm’s Privacy + Cyber team. Drawing from nearly 30 years of experience, he provides comprehensive services to companies in all aspects of privacy, security, data use, and risk mitigation. Clients rely on his in-depth understanding of technology and its application to their business to solve their most important challenges — from implementation and strategy to litigation and incident response. Ron and his team have redefined the boundaries of typical law firm privacy and cyber services in offering a 360 degree approach to tackling information governance issues. Their holistic services include drafting and implementing bespoke privacy programs, program implementation, licensing, financing and M&A transactions, incident response, privacy and cyber litigation, regulatory investigations, and enforcement experience.

Photo of David N. Anthony David N. Anthony

David Anthony handles litigation against consumer financial services businesses and other highly regulated companies across the United States. He is a strategic thinker who balances his extensive litigation experience with practical business advice to solve companies’ hardest problems.

Photo of Ashley L. Taylor, Jr. Ashley L. Taylor, Jr.

Ashley is co-leader of the firm’s nationally ranked State Attorneys General practice, vice chair of the firm, and a partner in its Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. He helps his clients navigate the complexities involved with multistate attorneys general investigations…

Ashley is co-leader of the firm’s nationally ranked State Attorneys General practice, vice chair of the firm, and a partner in its Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. He helps his clients navigate the complexities involved with multistate attorneys general investigations and enforcement actions, federal agency actions, and accompanying litigation.

Photo of Sadia Mirza Sadia Mirza

Sadia leads the firm’s Incidents + Investigations team, advising clients on all aspects of data security and privacy issues. She is the first point of contact when a security incident or data breach is suspected, and plays a central role in her clients’

Sadia leads the firm’s Incidents + Investigations team, advising clients on all aspects of data security and privacy issues. She is the first point of contact when a security incident or data breach is suspected, and plays a central role in her clients’ cybersecurity strategies.

Photo of Julie D. Hoffmeister Julie D. Hoffmeister

Julie is a partner primarily focusing on financial services litigation. She defends consumer-facing companies of all types in individual claims and class actions, including claims under the Fair Credit Reporting Act (FCRA), the Driver’s Privacy Protection Act (DPPA), and the Telephone Consumer Protection…

Julie is a partner primarily focusing on financial services litigation. She defends consumer-facing companies of all types in individual claims and class actions, including claims under the Fair Credit Reporting Act (FCRA), the Driver’s Privacy Protection Act (DPPA), and the Telephone Consumer Protection Act (TCPA). Julie also applies her litigation knowledge in assisting businesses in developing compliance processes and procedures for the myriad federal consumer protection laws.

Photo of Edgar Vargas Edgar Vargas

Edgar is a Certified Information Privacy Professional (CIPP/US). He assists clients on compliance and litigation issues, including issues regarding privacy and cybersecurity laws. He is fluent in Spanish, allowing him to effectively communicate with and serve Spanish speaking clients.