Kristen Mathews spoke to Compliance Week about the Virginia Consumer Data Protection Act, which Governor Ralph Northam signed on March 2 to take effect beginning January 1, 2023.
According to Kristen, the Virginia law mirrors the California Privacy Rights Act in many ways, but adds in several new requirements. For one, businesses have to create an appeals process if they deny a consumer’s request for information about their personal data, and if the business denies the appeal, they must refer the consumer to the Attorney General’s office complaint line – something businesses would be loath to do.
“Businesses might honor requests (for information) even if the law doesn’t require them to,” Kristen said.
She added that the Virginia data privacy law also requires businesses to conduct data protection assessments, where they list out steps taken to keep customers’ personal information safe.
Read the full article (subscription may be required).