Data laws are evolving since the EU introduced GDPR. With California’s CCPA law last year, and now Virginia’s own Consumer Data Protection Act in place as of March, businesses are catching up to a new reality of stricter data regulation.
Virginia has only become the second state to put in place a comprehensive privacy protection legislation, and it’s already diverging from CCPA and GDPR which means companies that are already aligned to those laws need to consider the extra hurdles to comply for data it holds on Virginia residents.
The CDPA does incorporate a lot of recent data privacy protection measures seen in CCPA and GDPR, but also goes further in some areas.
Businesses in the data security space such as Verity Systems, a manufacturer of hard drive degaussers and destroyers, have seen an increase in demand around data protection and erasure. As these new regulations come into place, companies across varying industries from healthcare to banking are all increasing investment in data protection and erasure.
For companies processing personal data of 100,000 or more consumers or processing personal data of 25,000 Virginia based residents which accounts for 50% of gross revenue, CDPA now applies.
The consumer component of the legislation means that a person who is resident has new rights accorded to them about their data. However it doesn’t go as far as CCPA which also factors in employee personal data, which doesn’t apply in Virginia’s regulation.
Consumers have a right to access, correct and delete their personal data among other provisions within the new law. If companies fail to resolve a data violation, they may face up to $7500 in fines per violation.
It was only recently that a data hack in the U.S. led to personal informational being leaked from government agencies as well as a variety of private sector businesses. NSA Director Gen. Paul Nakasone said this week that there was an “intelligence blindspot” for domestic internet activity, putting more emphasis on companies having to take their own measures to protect consumer data. And with Virginia’s new data law, more states are catching up and imposing their own regulatory hurdles as well.