It doesn’t matter where your business is located-–the VCDPA applies to your company if your customers reside in Virginia. Businesses that fail to comply with the VCDPA may be subject to significant fines and penalties and possible damage to their reputations.
In this article, we provide information that can help business owners successfully navigate the Virginia Consumer Data Protection Act (VCDPA).
Passed on March 2, 2021, the VCDPA provides consumers with broad protection and rights concerning the collection, use, processing, sharing, and sale of their personal information.
It doesn’t matter where your business is located-–the VCDPA applies to your company if your customers reside in Virginia. Businesses that fail to comply with the VCDPA may be subject to significant fines and penalties and possible damage to their reputations. But there are solutions that simplify compliance.
The VCDPA applies to entities that conduct business in Virginia or provide products or services that target Virginia residents and that either:
Because the VCDPA does not impose a revenue threshold, a business cannot become subject to the law merely due to its annual revenues; however, smaller, regional businesses that meet other thresholds may find that they need to comply with it.
The "sale of personal information" is defined as "the exchange of personal data for monetary consideration." Importantly, the definition of sale includes a few notable exclusions:
The law defines a consumer as "a natural person who is a resident of the Commonwealth acting only in an individual or household context." It explicitly omits persons who are "acting in a commercial or employment context."
The VCDPA provides consumers with six rights, including the right to:
The law mandates that a business that receives an authenticated request must comply, irrespective of the hardships or impracticable nature of the request language.
To cost-effectively ensure they are complying with VCDPA, businesses will have to manage and track consumers’ requests to opt-out, review, access, delete, and obtain their data.
Business owners and leaders need a system for tracking consumer requests to opt-out, review, access, delete, and obtain their data. Without an accurate system for tracking the status of each request, business owners risk costly penalties and damage to their reputations.
To strengthen and enhance customer loyalty, PrivacyCare offers a system that features:
For help with your data privacy compliance challenges, contact PrivacyCare today.
PrivacyCare CEO and Co-Founder Brad Garsten joins Microsoft, Squire Patton Boggs and moderated by IAPP - International Association of Privacy Professionals, to discuss the business, legal, and technical implications of the new state privacy laws and how they will impact your business.
January 20, 2023
To cost-effectively ensure that you are complying with data privacy laws like GDPR and CPRA, business owners will have to manage and track consumers’ requests to opt out, review, access, delete and obtain their data. Are you ready for 2023 consumer data privacy laws?
December 14, 2022
With limited budgets and resources available to implement all the necessary requirements, small and medium-sized businesses may be challenged to comply with consumer data privacy regulations. If you fail to comply with CPRA regulations, you may face expensive financial penalties and possible damage to your reputation.
December 17, 2022
Avoid costly fines, protect your customers personal data and protect your brand value by building customer trust. Jumpstart your consumer data privacy program and get started for free today.Get Started
No credit-card required