Any
RAs that have been withdrawn for more than 6 months are no longer listed alongside the current
RAs. Withdrawn
RAs are listed for reference only at the bottom of this page (link available in the table of contents) under the heading Withdrawn Regulatory Articles.
If no
RAs have been withdrawn from this series then Withdrawn Regulatory Articles will not be available to view.
MAA regulatory publications (MRP)
March 5, 2021
Share
For over two and a half years, California has enjoyed the spotlight of having the most comprehensive data privacy law in the United States. On March 2, 2021, Virginia forced California to share the honors, when Democratic Gov. Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA).
The VCDPA, which will not enter into effect until January 1, 2023, borrows heavily from the California Consumer Privacy Act (CCPA) and the European Union (EU) General Data Protection Regulation (GDPR). Perhaps because Virginia was able to benefit from the experience of businesses that have spent the better part of the last five years implementing the GDPR or the CCPA, the Virginia law is less prescriptive and more straightforward than its predecessors, with (one would hope) a correspondingly lighter implementation burden on companies. Nonetheless, there is just enough different in the VCDPA that businesses with a connection to Virginia will need to evaluate