To embed, copy and paste the code into your website or blog:
On March 2, 2021, Governor Northam signed into law Virginia’s own Consumer Data Protection Act (“Virginia CDPA” or the “Act”), a bill that brings together concepts from the EU’s General Data Protection Regulation (GDPR) as well as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). It is the first of its kind legislation on the East Coast. The law will go into effect on January 1, 2023.
The drafters of the Virginia CDPA appear to have benefited from observing the pitfalls and problems that arose in the development and implementation of both GDPR and CCPA. The Virginia bill deftly avoids several of those by incorporating narrower, more tailored definitions that clearly exclude categories of data and businesses over which there was (and continues to be) some confusion with respect to both the EU/UK and California compliance regimes. It also adopts, in concept, the framework
Students care about their data privacy, and this concern is increasing.
A 2016 EDUCAUSE Center for Analysis and Research (ECAR) survey found that one-third of undergraduate students were concerned that technology advances may increasingly invade [their] privacy. A Gallup poll in 2015 found that 44 percent of Millennials believe their personal information is kept private some of the time and that 26 percent believe their personal information is kept private little or none of the time. In 2016, the Gallup poll showed that 44 percent of Millennials trusted companies to keep their personal information private all or most of the time but that 33 percent trusted companies to keep their personal information private little or none of the time, a 7 percentage point increase from 2015. These surveys reflect students growing awareness and distrust of entities possessing their data. In 2018, Gallup found that 39 percent of respondents ages 18 to 49 were very concerned about