Skip to main content

Virginia Consumer Data Protection Act Awaits Governor’s Signature -- Consumer Reports Proposes “Model State Privacy Act”

We summarized Virginia’s Consumer Data Protection Act (CDPA) in advance of its passage by the legislature and it now awaits Governor Ralph Northam’s signature.   This will make Virginia the second state (behind California) with a comprehensive state data privacy law.   There are some key differences between the Virginia CDPA and the California Consumer Privacy Act (CCPA) and Consumer Privacy Rights Act (CPRA).   We will have a full analysis of the Virginia CDPA next week, so watch this space. 

Other states are jumping into the pool, and since our last overview, several other states have begun to move bills through their legislatures.  Alabama, Arizona, Connecticut, Florida, and Kentucky have all introduced CCPA/GDPR-like bills that are moving through committees.  We are watching all of them, and will keep you updated.

Also, Consumer Reports has proposed a “Model State Privacy Act” “to ensure that companies are required to honor consumers’ privacy.”   This Model Act is similar to the CPRA, but has broad prohibitions on secondary data sharing, an opt-out of first-party advertising, and a private right of action in addition to state Attorneys General enforcement.

Make sure to register for our upcoming webinar on March 10:  The California Privacy Rights Act – What You Need to Know to Prepare.   January 2023 will be here sooner than you think.

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.