top of page

Virginia’s New Privacy Law – What Businesses Need to Know

Updated: May 11, 2023

Virginia’s New Privacy Law – What Businesses Need to Know

The Virginia Consumer Data Privacy Act is going into effect on January 1, 2023. How does it already have changes?! Well, the law was signed a few years ago, and various regulators have added their opinions. That means, if you read up on the law a few months ago, you may not have all the current information. We’re here to help!

What does the VCDPA cover?

The VCDPA is very similar to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). The CPRA is an extension of the CCPA, but let’s not get off track. Basically, the VCDPA is all about consumer rights. That means, if you own a business in Virginia or have site visitors, manage, or collect data from Virginia residents, you must comply with their regulations. These include:

  • The right for users to know where, and from whom, their data is being collected or shared

  • This requires a cookie banner, a straightforward privacy policy, and a way for users to decline or accept the terms on your website.

  • The right to correct that information if it is not accurate

  • This requires a simple way for anyone, with any ability, to ensure that their data is accurate while they are visiting or sharing from your site.

  • The right to have an understandable and ADA compliant privacy policy

  • The Americans with Disabilities Act (ADA) requires that businesses must give end users reasonable access to the information they are presenting. If someone can’t read, hear, or otherwise understand a privacy policy, they can’t agree to it. Makes sense, right?

  • The right to delete information if necessary

  • When someone doesn’t want their data shared, or did it without knowing, they should be able to delete it.

  • The right to opt in or opt out of sharing data

  • If an end user does not want their data shared with a certain industry or entity, they should be able to say no. If they do want it shared, they can easily say yes.

This sounds just like the CCPA and the CPRA. What am I missing in the Virginia’s New Privacy Law?

The new Virginia’s New Privacy Law (VCDPA) provisions specify that you cannot discriminate against anyone, regardless of their gender, sexual orientation, location, or religious beliefs. This is a little different from when the law was originally signed. It also includes more.

The VCDPA specifically excludes employees and businesses of a Virginia company from the same protection as average consumers. The reason why is that employers have to gain a certain amount of information regarding their employees in order to gainfully employ them. As of now, there are no provisions for that information under VCDPA.

Are there any exemptions?

Yes, there are. But! It’s complicated. Even if you are a non-profit, healthcare, education, or financial organization, you could still be fined under the VCDPA. Unless you completely know and understand the nuances of all the exemptions, it could get you into trouble. Let’s remember unintentional lapses in judgement still get fined. Intentional lapses? Now you’re in trouble! If you know the law and you’re not following it, you will get in trouble.

What are some special things about the VCDPA?

Something that’s unique to VCDPA is that citizens don’t have a private right to action against businesses. They have to go through the Attorney General first. This is interesting, because the law is designed to protect citizens, but it seems like there are a lot of hoops to jump through. Is this better for business? Not necessarily.

If an end user is so determined to take action that they contact the Attorney General, get all of the necessary paperwork, and file, it’s an absolute nightmare for the company they’re suing. Not only is the individual and company involved, but it also has government oversight. Now, we’re looking into audits, investigations, fines, and potentially even more lawsuits from other disgruntled customers.

In a way, the VCDPA protects both businesses and customers. It ensures that everyone must go through the proper steps to get the verification they need for digital privacy and transparency.

How can I comply with VCDPA?

There are several ways to comply.

  • You do it manually. This is a lot of hard work, and it’ll more than likely distract you from other things that keep your business running. You’ll need to stay up to date on all of the laws, how they’re changing, and what your site needs to be compliant.

  • You use a free service to help you manage laws. This may or may not be incomplete based on your business needs. The solution offered might not have the right regulations in place to ensure that they are following the laws. Don’t put your paws in dirty water!

  • You get a free trial and a talk with a privacy expert who can help you navigate what your needs are and how you can best meet them.

The Adzapier solution

A Consent Management Platform (CMP) can help you organize, manage, visualize and store the data you need to stay in compliance with current and changing laws. There are many out there. Not are all the same, but not may all offer you the right options.

With Adzapier, you get choices. Just like privacy, what you want to show, share and save is all up to you. We just want to help you make sure that your business is in compliance with state and global laws.

In conclusion.

The VCDPA is well on the way, and things are happening faster than any busy business owner can keep up with. Having the right tools at hand will give your customers plenty of insight and control over their data. It’ll also give your business the benefit of showing that you care, and you’re right there with them.

If you ever get audited, you’ll be able to show a record of consent and preference management. If your customers need information, you’ll be able to send it to them in just a few clicks. Trust: check. Loyalty: check. Audit-proof: check. When you see, you know. When your customers see, they’ll know, too.

bottom of page