Virginia Consumer Data Protection Act (Virginia CDPA)

The terms “deidentified” and “deidentification” are commonly used in modern privacy statutes and are functionally exempt from most privacy- and security-related requirements. As indicated in the chart below, differences exist between how the term was defined in the California Consumer Privacy Act (CCPA) and how it was defined in later state privacy statutes set to

The Virginia Consumer Data Protection Act, which is scheduled to go into effect in 2023, states that a consumer has the right to “opt out of the processing of the personal data for purposes of [] targeted advertising . . . .”1 Unlike other state statutes, such as the CPRA, the Virginia Consumer Data

The Gramm–Leach–Bliley Act (GLBA) and its implementing regulations impose privacy requirements when financial institutions collect “nonpublic personal information about individuals who obtain financial products or services primarily for personal, family, or household purposes.”[1] GLBA does not apply, however, when a financial institution collects information about individuals “who obtain financial products or services for business,

Colorado is the third state, after California and Virginia, to get a comprehensive data privacy statute through its legislature. While the Colorado Privacy Act (CPA) awaits signature by Gov. Polis, businesses are assessing to what extent the CPA will impact their privacy programs.

The following provides a high-level cross-reference to help companies compare and contrast

Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not

Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not

On Wednesday, April 21 at 1:00 p.m. EST, join GT Shareholder David A. Zetoony, co-chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice, for a Federal Bar Association webinar on “AdTech, Cookies, Wiretapping, and Banners: The impact of changing laws and changing technology on the world of cookies.”

The program will provide the

On March 2, 2021, Virginia Gov. Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA) into law, making Virginia the second state to have comprehensive data privacy legislation on the books. The CDPA is similar to the privacy regime enacted under the California Consumer Privacy Act (CCPA) and expanded under the California Privacy Rights

Virginia is poised to be the second state, after California, to pass comprehensive data privacy legislation.  The Virginia Consumer Data Protection Act passed the Senate and the House of Delegates on Feb. 24, 2021, and now awaits the approval of Governor Northam.

Although the Virginia statute will not take effect until Jan. 1, 2023, companies

Virginia is poised to be the second state, after California, to pass comprehensive data privacy legislation. The Virginia Consumer Data Protection Act passed the Senate and the House of Delegates on Feb. 24, 2021, and now awaits the approval of Governor Northam.

Although the Virginia statute will not take effect until Jan. 1, 2023, companies