SEARCH SITE
VIRGINIA LAW PORTAL
- Code of Virginia
- Virginia Administrative Code
- Constitution of Virginia
- Charters
- Authorities
- Compacts
- Uncodified Acts
- RIS Users (account required)
SEARCHABLE DATABASES
- Bills & Resolutions
session legislation - Bill Summaries
session summaries - Reports to the General Assembly
House and Senate documents - Legislative Liaisons
State agency contacts
ACROSS SESSIONS
- Subject Index: Since 1995
- Bills & Resolutions: Since 1994
- Summaries: Since 1994
Developed and maintained by the Division of Legislative Automated Systems.
2021 SESSION
SB 1392 Consumer Data Protection Act; establishes a framework for controlling and processing personal data.
Introduced by: David W. Marsden | all patrons ... notes | add to my profiles | history
SUMMARY AS PASSED SENATE:
Consumer Data Protection Act. Establishes a framework for controlling and processing personal data in the Commonwealth. The bill applies to all persons that conduct business in the Commonwealth and either (i) control or process personal data of at least 100,000 consumers or (ii) derive over 50 percent of gross revenue from the sale of personal data and control or process personal data of at least 25,000 consumers. The bill outlines responsibilities and privacy protection standards for data controllers and processors. The bill does not apply to state or local governmental entities and contains exceptions for certain types of data and information governed by federal law. The bill grants consumer rights to access, correct, delete, obtain a copy of personal data, and to opt out of the processing of personal data for the purposes of targeted advertising. The bill provides that the Attorney General has exclusive authority to enforce violations of the law, and the Consumer Privacy Fund is created to support this effort. The bill has a delayed effective date of January 1, 2023.
SUMMARY AS INTRODUCED:
Consumer Data Protection Act. Establishes a framework for controlling and processing personal data in the Commonwealth. The bill applies to all persons that conduct business in the Commonwealth and either (i) control or process personal data of at least 100,000 consumers or (ii) derive over 50 percent of gross revenue from the sale of personal data and control or process personal data of at least 25,000 consumers. The bill outlines responsibilities and privacy protection standards for data controllers and processors. The bill does not apply to state or local governmental entities and contains exceptions for certain types of data and information governed by federal law. The bill grants consumer rights to access, correct, delete, obtain a copy of personal data, and to opt out of the processing of personal data for the purposes of targeted advertising. The bill provides that the Attorney General has exclusive authority to enforce violations of the law, and the Consumer Privacy Fund is created to support this effort. The bill has a delayed effective date of January 1, 2023.