Virginia just adopted a new data protection law that is set to go into effect on January 1 of 2023. The law is titled the Virginia Consumer Data Protection Act (CDPA) and will require businesses and people conducting business within the state to comply with updated data security and privacy requirements. The legislation mirrors some of the provisions laid out by the European Union in the General Data Protection Regulation. When it goes into effect, businesses found to have violated the law will have 30 days to correct the misconduct before they are fined up to $7,500 per violation.
Under the CDPA Virginia residents will also gain the ability to view and obtain their personal data held by businesses and organizations and will be able to correct errors in it or delete it if desired. Other consumer rights granted under the new law include allowing Virginians to opt-out of the processing of personal data for targeted advertising purposes. However, the new law contains no private right of action, meaning that individuals cannot take legal action against a business if they believe their CDPA rights have been violated.
Read More: Virginia Passes New Data Protection Law