Does Virginia have its own Consumer Protection Act?

 

Yes. On March 2, 2021, the Virginia Consumer Data Protection Act (“VCDPA”) was enacted into law, to go into effect on January 1, 2023. The VCDPA gives Virginia residents the rights to access, correct, delete, know, and opt out of the sale and processing for targeted advertising purposes of their personal information. Enforcement of the VCDPA is exclusively within the power of the Attorney General, and there is no private right of action for consumers.

VCDPA applies to all entities “who conduct business in the commonwealth of Virginia or produce products or services that are targeted to residents of the Commonwealth” and who, during a calendar year, either:

(1) control or process personal data of at least 100,000 consumers, or

(2) derive over 50% of gross revenue from the sale of personal data of at least 25,000 consumers.

The bill does not apply to state or local governmental entities, and certain types of data and information governed by federal law are exempt from the statute.

“Personal Data” includes “any information that is linked or reasonably linkable to an identified or identifiable natural person,” but excludes employment data, pseudonymous data, and “de-identified data or publicly available information.”

VCDPA also grants consumers the right to not be discriminated against for exercising any of the rights granted by this statute, but explicitly exempts loyalty programs from this prohibition.

VCDPA limits the ability of businesses to store and use personal data, and it requires the implementation of certain safeguards. VCDPA limits the collection and processing by controllers of personal data to that which is “adequate, relevant, and reasonably necessary in relation to the purposes for which such data is processed.” If the controllers wish to use such personal data for another purpose, they must obtain consent from consumers before processing the data. Additionally, VCDPA requires that businesses “establish, implement, and maintain reasonable administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of personal data,” as appropriate to the volume and nature of the personal data collected.



Commercial Council