SEARCH SITE

VIRGINIA LAW PORTAL

SEARCHABLE DATABASES

ACROSS SESSIONS

Developed and maintained by the Division of Legislative Automated Systems.

2020 SESSION

  • | print version

HB 473 Personal data; management and oversight.

Introduced by: Mark D. Sickles | all patrons    ...    notes | add to my profiles

SUMMARY AS INTRODUCED:

Personal data; Virginia Privacy Act. Gives consumers the right to access their data and determine if it has been sold to a data broker. The measure requires a controller, defined in the bill as a person that, alone or jointly with others, determines the purposes and means of the processing of personal data, to facilitate requests to exercise consumer rights regarding access, correction, deletion, restriction of processing, data portability, objection, and profiling. The measure also (i) requires transparent processing of personal data through a privacy notice, (ii) requires controllers to disclose if they process personal data for direct marketing or sell it to data brokers, and (iii) requires controllers to conduct a risk assessment of each of their processing activities involving personal data and an additional risk assessment any time there is a change in processing that materially increases the risk to consumers. The measure applies to any legal entity that conducts business in the Commonwealth or produces products or services that are intentionally targeted to residents of the Commonwealth and that (a) controls or processes personal data of not fewer than 100,000 consumers or (b) derives over 50 percent of gross revenue from the sale of personal data and processes or controls personal data of not fewer than 25,000 customers. A violation of this measure is made a prohibited practice under the Virginia Consumer Protection Act.


FULL TEXT

HISTORY