Second state passes consumer privacy law

In March 2021, the Consumer Data Protection Act (CDPA) was signed into law in Virginia. Virginia and California now have comprehensive data privacy laws that could impact businesses that interact with citizens of those states.

A number of similar bills are proceeding through state legislatures around the country, including Florida, Oklahoma, New York and Washington. As laws are enacted, planning is essential to achieve compliance. Furthermore, as multiple state laws are passed, calls for a federal privacy law may accelerate.

Effective date

Virginia’s law is scheduled to become effective on January 1, 2023. That’s the same effective date as the California Privacy Rights Act, an update of their existing law dubbed “CCPA 2.0.”

A number of similar bills are proceeding through state legislatures around the country, including Florida, Oklahoma, New York and Washington. As laws are enacted, planning is essential to achieve compliance. Furthermore, as multiple state laws are passed, calls for a federal privacy law may accelerate.

Does the CDPA apply to my business?

Virginia’s CDPA will apply to businesses that control/process personal information for at least 100,000 Virginia residents and businesses that process data for at least 25,000 residents and make 50% or more of their revenue from selling that data.

Under the new state law, consumers should have the ability to access, correct and delete their personal data. Businesses will be required to perform assessments to ensure that they have appropriate security controls in place and are not infringing on a consumer’s privacy rights with their activities.

Unlike the California law, Virginia’s law does not include a revenue threshold. That means large businesses that do not hold significant quantities of consumer data will not be subject to the new requirements. California’s privacy laws are applicable to businesses with $25 million in annual gross revenue as well as (like Virginia) those that collect information for 100,000 residents.

If you would like more information on how US or international (e.g., General Data Protection Regulation (GDPR)) data privacy laws affect your business, consult your attorney.

More News

Step-up in basis at death might go away

The Sensible Taxation and Equity Promotion (STEP) Act would get rid of what’s known as the step-up in basis to tax the unrealized gains of certain estates at death.

Step-up in basis refers to the way the value of an asset is readjusted for tax purposes upon inheritance.

Read Article

SECURE Act 2.0 could change retirement

The Setting Every Community Up for Retirement Enhancement (SECURE) Act, which passed in late 2019, was only the start of changes for the retirement industry. A bipartisan bill, which has been nicknamed “SECURE Act 2.0,” is in the works.

Read Article

Collecting Social Security while working

For people who want to work while collecting Social Security, the “retirement earnings test” (RET) rules can be confusing. Some people think they’ll lose out on benefits if they continue to work, but that’s not true.

Read Article

Estate planning tips for unmarried couples

If you are in a committed relationship but are not married to your partner, estate planning is essential. Unless you each draft a will and designate the other person as a beneficiary, your assets will pass to other family members and your partner will receive nothing when you die. Further, without proper planning you won’t

Read Article