8 months ago

The Virginia Consumer Data Protection Act (VCDPA) was thehttps://iapp.org/resources/article/us-state-privacy-legislation-tracker/ comprehensive consumer privacy law passed in the United States. Commercial organizations that conduct business in Virginia and process consumer data will be the most affected by the VCDPA. https://www.upguard.com/product/vendorrisk>What is the Virginia Consumer Data Protection Act (VCDPA)?

Under the VCDPA, controllers must follow the following regulations: Practice data minimization by only collecting personal data that is reasonably necessary and relevant Ensure the https://www.upguard.com/blog/cia-triad of personal data protection by implementing and maintaining adequatehttps://www.upguard.com/blog/data-security practices Establish a system consumers can access to submit requests and exercise their rights granted under the law Promptly assess, authenticate, and process any applicable consumer requests that are received Promptly disclose the sale of personal data to any third party and provide customers a means to opt out of such processing Provide consumers with a clear and meaningful privacy notice that details what types of personal data the controller is collecting, how a processor will use this data, and how this data can be accessed

The act also requires all data controllers and processors to draft and sign a data processing agreement before processing any consumer data.