In The News

Virginia Data Protection Bill Signed Into Law


05 Mar 2021

Kristen Mathews spoke to CSO about Virginia enacting the Consumer Data Protection Act (CDPA), a consumer data protection law along the lines of the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the California Privacy Rights and Enforcement Act (CPRA).

“The CDPA is basically a combination of the CCPA, CPRA, and GDPR,” Kristen said, but added that there are many differences between the Virginia bill and its counterparts.

For example, “the definition of personal information in the CDPA is narrow because it only includes data that is identifiable to a natural person, as opposed to data that is identifiable to a device or a household,” Kristen said.

Another difference deals with the de-identification of data, which businesses often implement to avoid privacy laws’ burdens. “The CDPA has conditions on de-identification that are beyond the conditions that are present in the CCPA and the CPRA,” she added. “There are more hurdles to successfully de-identifying data under the Virginia law.”

Read the full article.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.