Virginia Consumer Data Protection Act Series
We have long predicted that just as other states followed California in passing breach notification laws, states would follow in California’s footsteps in regulating information privacy practices with the California Consumer Privacy Act of 2018 (CCPA), which was later amended by the California Privacy Rights Act of 2020 (CPRA). The Virginia state legislature recently became the first state to do so, surprising many with news that it quickly passed and signed into law comprehensive privacy legislation, namely the Virginia Consumer Data Protection Act (CDPA). Like the CCPA, Virginia’s CDPA builds on the Fair Information Privacy Principles (FIPP), making many of the lessons learned implementing the CCPA applicable here. The CDPA will take effect January 1, 2023.
This five-part series on Virginia’s CDPA provides a detailed overview of the act, and how it compares to California’s approach to privacy under the CCPA and CPRA. The series will be divided into the following parts:
1. Introduction and Overview
2. Consumer Rights
3. Notice and Disclosure Obligations
4. Data Processing Obligations
At the conclusion of the series, Troutman Pepper will host a webinar on the Virginia CDPA. Registration information will be circulated at a later date.
Below is the tentative schedule for this five-part series. This week’s alert provides an introduction and overview of the CDPA. It can be accessed here.
· NEW: Installment No. 1: Introduction and Overview
· Installment No. 2: Consumer Rights
Release Date: March 11, 2021
· Installment No. 3: Notice and Disclosure Obligations
Release Date: March 18, 2021
· Installment No. 4: Data Processing Obligations
Release Date: March 25, 2021
· Installment No. 5: Enforcement
Release Date: April 1, 2021
 Unless stated otherwise, the term “CCPA” is intended to reference the CCPA and CPRA in general. Where we felt it was necessary to draw a distinction between the CCPA and CPRA, we did so by explicitly stating such.