• Virginia Data Privacy Law Goes into Effect

    Virginia Data Privacy Law Goes into Effect

    Data privacy is quickly becoming a hot topic in the business world. Website and app users want to know what they share and what happens with that data. In March 2021, Virginia became the latest U.S. state to pass a data privacy law. This law, the Virginia Consumer Data Protection Act (VCDPA), went into effect on January 1, 2023, and has several requirements for businesses with website and/or app users in Virginia.

    What is the Virginia Consumer Data Protection Act (VCDPA)

    Virginia Consumer Data Protection Act (VCDPA) is an online data privacy law that gives online users more control over the personal information gathered about them. With the Virginia Consumer Data Protection Act (VCDPA) now in effect, businesses must give website and/or app users the ability to access their personal data. In addition, companies must provide users the right to request the deletion or modification of their data and ensure that any de-identified or modified information cannot be traced back to a specific source.

    Who Is Affected

    The following businesses must comply with VCPDA:
    • Businesses that conduct business in Virginia (Virginia businesses include any business entities that conduct activities in Virginia and have a presence in Virginia. This includes Virginia corporations, limited liability companies, partnerships, associations, other legal entities, and foreign companies doing business in Virginia.)
    • Businesses that target, collect, use, or disclose Virginia user data.
    • Businesses that control or process personal data for at least 100,000 Virginia users in a year.
    • Businesses that derive over 50 percent of their revenue from the sale of personal data from no fewer than 25,000 people.

    What Can Happen If a Company Doesn't Comply

    Failing to comply with Virginia's data privacy law can result in fines. The act grants the state attorney general the authority to bring civil actions against businesses that fail to comply with Virginia's data privacy laws, potentially resulting in fines of up to $7,500 per violation.
    That said, businesses benefit from a 30-day period within which they can remedy any violations of the Virginia Consumer Data Protection Act. During this period, they can communicate with the attorney general's office and resolve any potential violations before receiving fines.

    Take Steps to Comply With the VCDPA

    Virginia is the latest state to add data privacy laws to its books. Contact us to fully understand the data privacy compliance needed for your business's website or app.


    ANA•LITK Marketing

    We are a SWaM-certified results-driven boutique marketing and branding services firm with over 30 years of experience. We believe in data-driven creative inspiration and eureka moments that help B2B businesses achieve their goals and multiply their results. 

    Leave a Comment
    * Required field