Know Virginia Consumer Data Protection Act

Written by Shuja Khan

Updated on June 07, 2022

Reading time: 3 Min

Consumers are more in control of their data and privacy today than ever before.

Protecting privacy and maintaining data security has become a common topic of discussion across the globe and is gaining momentum. Following California's CCPA, Virginia has also established comprehensive data privacy legislation and will become the 2nd state in the United States with such a law in effect.


The then-Virginia Governor Ralph Northam, on March 2nd, 2021, passed the Virginia Consumer Data Protection Act (VCDPA), which gives consumers in Virginia the right to control the use of their data. Three amendments were suggested and signed into law by the new Virginia Governor Glenn Youngkin on April 11th, 2022. The bill's text was finalized and will become effective from January 2023. 

In this article, we will walk you through everything that you need to know about the Virginia Consumer Data Protection Act (VCDPA). It will cover:

  • What is the Virginia Consumer Data Protection Act?
  • What personal data does the Act relate to?
  • What are the rights of the consumers under the Virginia CDPA?
  • Which organizations are required to stay compliant with the VCDPA?
  • What are the penalties for non-compliance with the VCDPA?
  • How to stay compliant with VCDPA?

What is the Virginia Consumer Data Protection Act?

The Virginia Consumer Data Protection Act gives consumers the right to access and control the personal information that companies possess about them. Consumers will have the right to request access to, correct inaccuracies in, and delete the personal data that businesses hold about them. Data processing, according to the Act, includes everything that organizations do with the consumer data in their control. That means organizations are responsible for the safety of consumers' personal data from the time they collect it until they safely delete or erase it. Though not explicitly mentioned, it is important to note that if an individual's personal data is compromised because an organization failed to completely erase it from its database, the organization would be held liable.

What ‘Personal Data’ does the Act relate to?

The VCDPA refers to protecting the personal data of consumers in Virginia. The Act defines ‘Personal data’ as any information that can be reasonably associated with an identified or identifiable natural person. Data available in the public domain and anonymized data are outside the purview of the Act. 

Some examples of personal data:

  • Name
  • Email ids
  • Social security number
  • Phone numbers
  • Precise geolocations
  • IP addresses
  • Data revealing racial or ethnic origin, etc.
  • Data collected from known children
  • Biometric data that can uniquely identify an individual

What are the Rights of the consumers under Virginia CDPA?

Under the Act, consumers in Virginia have rights similar to those under California's CCPA and Europe's General Data Protection Regulation (GDPR).

The Rights include:

  • Right to Access: Knowing if their personal data is being collected by businesses.
    Withdrawing their consent and stopping the collection of their personal data.
  • Right to Correct: Accessing and amending their personal data stored by businesses to remove inaccuracies.
  • Right to Delete: Deleting their personal information.
  • Right to Opt-out: Opting out of targeted advertising, sale of their personal data, and any profiling based on their data.
  • Right to Data Portability: The Act allows consumers to access their data "in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another controller without hindrance."

Which Organizations are required to stay compliant with the VCDPA?

It can be confusing to assess whether the Virginia Consumer Data Protection Act applies to your organization. The Act clearly specifies which organizations are required to stay compliant. It applies to all organizations that conduct business in Virginia or produce products and services for consumers in Virginia, and that:

  • Control/process the data of at least 100,000 residents of Virginia in a calendar year
  • Derive over 50% of their gross revenue from the sale of personal data and control/process the data of at least 25,000 Virginian residents.

What are the Penalties for non-compliance with the VCDPA?

The attorney general has exclusive authority to enforce violations of the Act after receiving consumer complaints against businesses. Businesses found violating the Virginia Consumer Data Protection Act can be fined up to $7,500 for every violation, plus the attorney's charges. They would also be liable for any other charges related to expenses incurred for the inspection, etc., if deemed fit by the office of the Attorney General. For example, if a business is found compromising the data privacy of 1000 individuals, the penalty imposed shall be USD 7.5 Million.

How to stay compliant with VCDPA?

The Act does not specify a checklist for compliance for businesses. However, it places 6 responsibilities on businesses that fall under its purview. 

The responsibilities include:

1. Businesses should have a privacy policy in place.
Organizations need to have a privacy policy in which they clearly state whether they collect personal data, what data they collect, why they collect it, how it is stored and processed, and with whom it is shared.

2. Ensure consumer rights are exercised
The Act requires businesses to help consumers understand and exercise their rights if needed. For that, lay down the rights conferred to consumers by the Act in the privacy policy or another document. Guide consumers to help them enforce those rights by giving them information about opting out and letting them know they can revoke their consent to personal data collection.

3. Minimize the data collected
Much like the GDPR's data minimization principle, the VCDPA requires organizations to collect only the minimum personal data needed. For example, if you want people to sign up for your newsletter, asking them for their first name and email address is enough. Their date of birth, father's name, or marital status is not needed here and should not be asked for or collected.

4. Take consent
While collecting data, especially data about minors and some sensitive personal data, organizations need to obtain informed affirmation from consumers. Sensitive data here includes biometric information, credit card numbers, social security numbers, etc.

5. Conduct data protection assessments
When collecting personal data, organizations should assess the benefits and risks associated with collecting such data and the measures that can be taken to minimize those risks. This assessment has to be done for data collected on or after January 1st, 2023. During the risk assessment part, organizations also need to pay attention to how they will safeguard the data against spills and leakage at the end of a device's lifecycle or when the devices change hands. 

6. Have security safeguards in place
All organizations are required to have cybersecurity measures in place to ensure that the consumer's personal data is protected from leaks and unauthorized access. It is safe to say that if organizations bear these responsibilities, they'd be able to stay compliant and avoid penalties.

How can BitRaser Data Erasure help businesses stay compliant with the Virginia Consumer Data Protection Act?

With the Virginia Consumer Data Protection Act set to be effective from January 2023, compliance is paramount for businesses. Among other things, data erasure can be an important aspect to consider.

The Virginia Data Privacy Law mentions that organizations are responsible for data till it is safely disposed of. That means "secure data erasure" is also required for compliance. In the absence of that, sensitive consumer data can get leaked and your organization can get into a legal hot soup. With BitRaser data erasure software, you can ensure compliance on that front. How?

  • BitRaser securely erases all the data on the device beyond recovery with options to customize, automate and verify the erasure process.
  • You get verifiable, tamper-proof reports that can be used to show that data was completely erased from your end, which helps in compliance with modern data privacy and protection laws like the Virginia Data Privacy Law.
  • The solution is environment-friendly as you can still reuse or resell the device and no e-waste is generated.

Before a fine is imposed on you after the enforcement of the Virginia Data Privacy Law in January 2023, make sure you fulfill all the required responsibilities and stay compliant with the VCDPA. Seek help from our specialists in this regard by writing to sales@bitraser.com.

FAQs

Does Virginia have a consumer protection law?
Yes, Virginia has a comprehensive consumer data protection law. It was passed by Governor Ralph Northam on March 2nd, 2021, and gives consumers in Virginia the right to control the use of their data.

What are the rights of the consumers under the Virginia CDPA?
The Rights under VCDPA include the Right to Access, Right to Correct, Right to Delete, Right to Opt-out & the Right to Data Portability.

What ‘Personal Data’ does the VCDPA relate to?
The VCDPA refers to protecting the personal data of consumers in Virginia. The Act defines ‘Personal data’ as any information that can be reasonably associated with an identified or identifiable natural person.

Which organizations are required to stay compliant with the VCDPA?
The Act applies to all organizations that conduct business in Virginia or produce products and services for consumers in Virginia, and that:

  • Control/process the data of at least 100,000 residents of Virginia in a calendar year.
  • Derive over 50% of their gross revenue from the sale of personal data and control/process the data of at least 25,000 Virginian residents.

What are the Penalties for non-compliance with the VCDPA?
Businesses found violating the Virginia Consumer Data Protection Act (VCDPA) can be fined up to $7,500 for every violation, plus the attorney's charges. For example, if a business is found compromising the data privacy of 1000 individuals, the penalty imposed shall be USD 7.5 Million.
