Keypoint: The Virginia Privacy Act would create CCPA-like rights for Virginia residents while the Sale of Personal Data Act would create rights vis-à-vis “data sellers.”
Lawmakers in Virginia have proposed two bills that, if enacted, would create a number of privacy rights for Virginia residents and compliance burdens for covered entities.
The first bill – the Virginia Privacy Act (HB 473) – was prefiled on January 3, 2020, and offered on January 8, 2020. It would create CCPA-like rights for Virginia residents and new obligations on businesses such as a requirement to conduct risk assessments.
The second bill – which is unnamed but for our purposes will be referred to as the Sale of Personal Data Act (SB 641) – was prefiled on January 7, 2020, and offered on January 8, 2020. Among other things, it would require data sellers to implement reasonable security measures to protect personal data, respond to certain types of privacy requests, and notify Virginia residents of data breaches.
In addition to Virginia, lawmakers have proposed consumer privacy legislation in Florida, Illinois, Washington state, Nebraska, New Jersey, New Hampshire, and Hawaii. Members of Husch Blackwell’s privacy and data security practice group will be hosting a webinar on February 4 at noon CST to discuss these proposed laws and to provide an update on the CCPA. To register, click here.
Below is our analysis of Virginia’s proposed legislation (as introduced). We will first analyze the Virginia Privacy Act and then separately analyze the Sale of Personal Data Act.