Published by Al Saikali

The following post was prepared by guest contributor, my friend, my brother-in-arms, and newly-minted Partner in Shook’s Privacy and Data Security Practice, Colman McCarthy 

For what seemed like an eternity (okay, just a couple years), the California Consumer Privacy Act was the only game in town when it came to state-level, comprehensive privacy legislation. Sure, we saw many other states introduce similar bills, and Washington got close a couple times to passing the Washington Privacy Act. Those all died on the vine, however. In fact, California was the only state after itself to see passage of anything really big, with the California Privacy Rights Act (which amends the CCPA, and is not a separate, new law) gaining passage in the November 2020 election.

All to which Virginia has recently stepped forward and said, “Hold my…authenticated consumer request.” The Virginia Consumer Data Protection Act (or VACDPA, as I prefer to call it) is a comprehensive privacy bill that was just signed into law by Governor Northam on March 2, and shows influences from both the CCPA and Europe’s General Data Protection Regulation.

What do you need to know about VACDPA, beyond the fact that it’s fun to say out loud? Probably the most important fact is that it won’t go into effect until January 1, 2023. That gives entities a long runway to understand their obligations under the law and get into compliance.

So, what about all the other stuff? Well…
Continue Reading Virginia’s Foray Into Comprehensive Privacy Law