There have been important developments in data privacy laws as both the Virginia Consumer Data Protection Act (“VCDPA”) and California Privacy Rights Act (“CPRA”) are now in effect. Both laws are remarkably expansive and require careful attention to achieve compliance.
The Virginia Consumer Data Protection Act (VCDPA)
The Virginia Consumer Data Protection Act (VCDPA) applies to any person or business that conducts business in Virginia and processes personal data of Virginia residents.
Who does the VCDPA apply to?
Under the VCDPA, obligations are imposed on entities that conduct business in Virginia or produce products or services that are targeted to Virginia residents and that either:
- Control or process the personal data of at least 100,000 consumers during a calendar year.
- Control or process the personal data of at least 25,000 consumers and derive at least 50% of its gross revenue from the sale of personal data.
Personal data is linked or reasonably linkable to an identified or identifiable natural person. This includes, but is not limited to, names, addresses, email addresses, IP addresses, and other unique identifiers.
What does the VCDPA require employers to do? Continue reading