IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Virginia passes consumer data protection law

Eastern state follows California in offering consumers opt-out for data processing

Virginia Capitol Building

Yesterday, Virginia became the second state to pass a consumer data protection law, forcing companies to give consumers the right to opt out of data collection. Governor Ralph Northam signed the Consumer Data Protection Act into law on Tuesday. 

The law, which Virginia's General Assembly passed last month, allows consumers to confirm whether a company is holding their data and access it using an automated system. The system allows them to retrieve it in a portable format, making it possible to send it to another company. 

Users can amend inaccuracies in the data or force the company to delete it altogether. They can also prevent companies from using the data for marketing or other purposes.

Companies must respond to consumer requests within 45 days but may extend that period by an additional 45 days based on request complexity, as long as they inform the individual and explain the delay. The company must fulfill up to two free annual requests from an individual, but they may charge for additional requests.

Organizations must disclose what they'll use an individual's data for and must limit their personal data collection to those purposes. They must also explain which third parties they'll share the data with and what they'll do with it.

Related Resource

Edge-enabled mobility of the future

Turning vehicle data into value

How to turn vehicle data into value - whitepaper from EquinixDownload now

Consumers can opt out of personal data collection and the sale of data to third parties. However, the company can choose not to offer consumers goods or services if it needs the opted-out data to provide the service.

The law, which goes into effect on January 1, 2023, affects companies holding personal data for at least 100,000 consumers or those holding at least 25,000 individuals’ personal data and make more than half their income selling that data. 

Companies violating the law face civil penalties of up to $7,500 per affected individual, but they can escape those penalties if they fix the problem within 30 days of Virginia notifying them. All penalties collected will go to a Consumer Privacy Fund established by Virginia, which will support enforcement of the Act.

The Act doesn’t define new data breach notification rules, instead referring to existing rules in the state's legal code.

The legislation now goes to Virginia's Joint Commission on Technology and Science to evaluate how to implement it and release a study by November.

This is the second such law to pass in the US. California's approval of the California Consumer Protection Act (CCPA) went into effect last year. There’s still no cohesive federal consumer data protection law, which four in five Americans want.

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Recommended

Google adds stronger safeguards for Workspace accounts
collaboration

Google adds stronger safeguards for Workspace accounts

11 Aug 2022
DoD taps up Torch.AI to strengthen cyber security capabilities
cyber security

DoD taps up Torch.AI to strengthen cyber security capabilities

11 Aug 2022
Home Office to collect foreign offenders' biometric data using smartwatch scheme
privacy

Home Office to collect foreign offenders' biometric data using smartwatch scheme

5 Aug 2022
FedEx to invest in more robotic automation from Berkshire Grey
Business strategy

FedEx to invest in more robotic automation from Berkshire Grey

4 Aug 2022

Most Popular

UK water supplier confirms hack by Cl0p ransomware gang
ransomware

UK water supplier confirms hack by Cl0p ransomware gang

16 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022