Virginia has become the second state in United States to formulate a data protection act that will be in lines with UK’s General Data Protection Regulation (GDPR). However, the act will come into effect the 1st of January 2023 and until then will be available for access, discussions, and edits through proper channel.
Dubbed as Virginia Consumer Data Protection Act (CDPA), the law will focus more on data privacy and will be under the federal privacy law of California.
Going forward, the act will give certain rights to citizens like what data are the businesses storing and in certain cases get a copy of that recorded data lawfully.
Now for those interested, they will have a right to urge the business(company) to delete that data or will opt out of any intended ad campaigns.
The Virginia CDPA will also be awarding the businesses the right to collect information about its users for a specific purposes like product/service developments or services.
Here, “businesses” strictly refers to the sense of operating a website that serves Virginia residents and will have to comply with the latest rules if it has over 100,000 registered consumers from Virginia.
But businesses that fall under HIPAA or Graham Leach Bliley Financial Regulations, not-for-profit organizations, educational institutes and government entities will not fall under CDPA coverage.
Note- Under the latest law, personal data is defined as information linked to identify a person in a natural way and sensitive data refers to information related to Se#$%l orientation, financial info, health related information, citizenship or immigration status data or religious beliefs. Also, photos, videos and audio recordings are being exempted from the definition of a collection of bio-metrics data as per the latest law.