On March 2, 2021, the Governor of the Commonwealth of Virginia signed into law the Consumer Data Protection Act, which contains many elements of California’s Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR). The new law
Virginia
US states pass data protection laws on the heels of the GDPR
By Jeewon Kim Serrato (US), Chris Cwalina (US), Anna Rudawski (US) & Katey Fardelmann (US) on
Several U.S. states have recently introduced and passed legislation to expand data breach notification rules and to mirror some of the protections provided by Europe’s newly enacted General Data Protection Regulation (“GDPR”). See our previous blog posts on GDPR here and here. Like their European counterparts, these state laws are intended to provide consumers with greater transparency and control over their personal data. The California and Vermont laws, in particular, go beyond breach notification and require companies to make significant changes in their data processing operations. See our earlier post on the California Consumer Privacy Act (“CCPA”) here.