What Will the New Virginia Privacy Law Do for Consumers?
Following in the footsteps of California, Virginia is set to introduce a new consumer privacy law. In this guide, we’ll explore the impact of privacy laws on consumers and businesses.
How will a new consumer privacy law affect businesses?
If a new consumer privacy law is passed in Virginia, it will impact both companies and their customers.
The Consumer Data Protection Act (CDPA), which is based on California’s Consumer Privacy Act, will apply to covered organizations that are based in Virginia, as well as those that have customers in the state.
The CDPA will apply to organizations that have access to the personal information of more than 100,000 residents in Virginia, as well as those that generate at least 50% of their revenue from selling data in cases where they hold sensitive information for at least 25,000 consumers.
In basic terms, the law would cover large companies and data brokers, which are classed as controllers, with smaller businesses exempt from new terms.
Changes to cybersecurity
If a company or organization is covered by the CDPA and deemed a ‘controller,’ they will be required to implement processes and measures to protect consumer data and rights.
This includes enhancing cybersecurity to shield personal information, ensuring that data collection is limited to what is “adequate, relevant, and reasonably necessary” and carrying out regular, routine assessments of activities linked to data collection.
Businesses and entities that are covered by the act will be required to adhere to new guidelines and enforce robust cybersecurity measures to protect consumer data. One expert IT company in Fairfax explains, “Cyberattacks are not a matter of if, but when. . . . Multilayered managed cyber security services can help your business minimize the risk and stay compliant.”
What are the benefits for consumers?
Privacy laws are designed to protect consumers and provide additional rights related to data collection, storage and sharing.
The bill outlines clear definitions of covered consumers, which include individuals acting within a ‘household context.’ The bill does not cover consumers acting within either a commercial or employment context.
Covered individuals would gain new rights under the proposed law, including:
- The right to ask for confirmation that a controller has access to your data and to request to see it
- The right to modify and correct inaccuracies or inconsistencies within that data
- The right to request that a controller deletes personal data that you have provided or obtained
- The right to opt-out of data collection strategies, such as those used for targeted marketing and profiling and to refuse the sale of personal data to a third party
New consumer privacy laws should provide peace of mind for consumers who may be worried about who is collecting information about them and how they are using it.
It is important to note that violations are treated differently in different states. The Virginia bill does not include the right to sue if the law is violated. In this case, the office of the attorney general can take action.
New privacy laws are under the microscope as Virginia prepares to introduce a new act. Privacy laws are designed to protect and shield data and provide consumers with more rights. The act will impact consumers and businesses, with organizations that are covered taking additional steps to protect consumer privacy and enhance cybersecurity.