Articles

05Mar

Virginia the 2nd State with Comprehensive Privacy Regulation - Consumer Data Protection Act Now Law

Virginia Governor Ralph Northam (D) signed comprehensive privacy legislation, the Virginia Consumer Data Protection Act (CDPA), into law on March 2, 2021. The new law emulates aspects of the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR).

The new Virginia CDPA establishes a framework for controlling and processing personal data of Virginia consumers, applicable to many marketing research and data analytics companies and departments. It will saddle covered companies with responsibilities and privacy protection standards and grant consumers rights to access, correction, deletion, portability, and to opt out of the sale of personal data. Covered companies will also be required to conduct certain data protection assessments. The law comes into effect January 1, 2023.

The Insights Association and its grassroots members communicated with the sponsor and the Virginia legislature regarding the Act and other proposed privacy and data security legislation.

“While our concerns about the treatment of marketing research, and a definition of sensitive data so broad as to include common demographic data, went unheeded, we appreciate the Commonwealth keeping enforcement power vested with the state Attorney General,” commented Howard Fienberg, VP Advocacy for the Insights Association.

The CDPA’s new privacy framework will impact many in the insights industry, even those not located in-state, since personal data of Virginia residents is regularly collected, processed and shared for legitimate purpose by insights companies and organizations.

Fienberg reaffirmed IA’s commitment to passage of a federal privacy law. “As a founding member of Privacy for America, the Insights Association advocates for comprehensive federal privacy legislation that will move beyond the old-school notice-and-choice model and focus on outcomes instead of processes.”

In addition to the new law in Virginia, and CCPA in California, IA is already contending with comprehensive privacy bills under consideration this year in Alabama, Arizona, Connecticut, Florida, Illinois, Kentucky, Massachusetts, Minnesota, New Jersey, New York, Oklahoma, Rhode Island, Utah, Vermont, and Washington state. 

Fienberg concluded that, “our industry, and the people, companies, organizations and governments that rely upon the insights we produce every day to be able to learn, understand and respond to consumer attitudes, needs, behavior and opinions, cannot afford this growing patchwork of conflicting state privacy laws.”

IA shared analyses of CDPA with members in the legislation’s initial draft and in final form.

This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

Michigan Personal Data Privacy Act - S.B. 1182

Michigan Personal Data Privacy Act - S.B. 1182

The Michigan Personal Data Privacy Act (S.B. 1182) is comprehensive privacy legislation with similar...

Read More >
Michigan Consumer Privacy Act - H.B. 5989

Michigan Consumer Privacy Act - H.B. 5989

The Michigan Consumer Privacy Act (H.B. 5989) is comprehensive state data privacy legislation modele...

Read More >
Warner Proposes Cybersecurity Policy Changes for Health Care

Warner Proposes Cybersecurity Policy Changes for Health Care

Sen. Mark Warner (D-VA) is circulating a “policy options document” around DC in search of feedback...

Read More >
New York Child Data Privacy and Protection Act - S. 9563

New York Child Data Privacy and Protection Act - S. 9563

The New York Child Data Privacy and Protection Act (S. 9563) is legislation modeled on a recent Cali...

Read More >
Will Lame Duck Congress Advance a Kids Privacy Bill?

Will Lame Duck Congress Advance a Kids Privacy Bill?

​​​​​​​Senate Commerce Committee Chair Maria Cantwell is pushing to pass a pair of bills aime...

Read More >
Fighting for You: November 2022 Legislative and Regulatory Update

Fighting for You: November 2022 Legislative and Regulatory Update

With American Thanksgiving now in the rearview mirror, let’s look back at the biggest challenges th...

Read More >
Members only Article - Please login to view