Virginia has become the second state to enact a comprehensive consumer data privacy statute in the United States. Signed into law by Virginia Governor Ralph Northam on March 2, 2021, the Consumer Data Protection Act (“CDPA”) will take effect on January 1, 2023. While the CDPA shares some key components with the California Consumer Privacy Act (“CCPA”) and the upcoming California Privacy Rights Act (“CPRA”), the CDPA also differs in several ways. This Legal Update notes what companies should be thinking about now and discusses the scope of the CDPA, and provides a comparison of its obligations with those under the CCPA and the CPRA.
