Big news in privacy law: Last week, Virginia became the second state since California to pass a state consumer privacy bill into law.
The legislation, known as the Consumer Data Protection Act, will allow Virginians to opt out of having their data collected and sold. The law, which is expected to take effect on Jan. 1, 2023, will also require companies to get permission before collecting certain sensitive information, including data on race, ethnicity and geolocation. The law is considered similar to but less restrictive and more business friendly than California’s state privacy law, which was enacted in 2018 and went into effect last year.
You might wonder why I care. After all, I’m a business attorney in North Carolina, which doesn’t have such legislation in the works. And there is no federal consumer privacy law, and momentum for one only ebbs and flows. Here’s the thing: Businesses have to follow privacy laws that pertain to wherever they do business and have customers. A smart educated guess is that more North Carolina companies do business in or have customers in Virginia than in California.
Another thing to keep in mind: It doesn’t matter where you do business or your customers live. Privacy isn’t an issue that is going away anytime soon or anytime at all. It’s a good business to care about privacy protection and incorporate it into your business practices no matter what.
Think of it this way, if you have a data breach and your customers’ private information is leaked to third parties, do you think your reputation or legal bills will be helped by the fact that you didn’t have to comply with any consumer privacy laws anyway?
Why not get ahead of it? Set a good example. Build consumer trust. Protect your reputation.
And then you will be ready – or more ready – if a national consumer privacy law is ever passed.
