Kristen Mathews spoke to Bloomberg Law about the Virginia Consumer Data Protection Act, a recently enacted consumer privacy law that will require businesses to begin compliance preparation now to avoid regulatory scrutiny once the law takes effect in January 2023.
The Virginia law calls for data protection assessments, a concept borrowed from the European Union’s General Data Protection Regulation that help companies identify and minimize risks associated with data processing activities, including targeting advertising. According to Kristen, those assessments are likely a new requirement for U.S. companies that don’t operate overseas, so they may take some time to craft.
“Create a template for those data protection assessments and embed those templates into internal processes,” Kristen advised. “It helps to systemize those now, so you’re ready when the law takes effect.”
Read the full article (subscription required).