As 2022 draws to a close, it is important to keep in mind that key state-level regulations on consumer and employee data privacy will become effective as soon as 2023 begins. Data security measures, personal data processing activities and privacy policies of businesses covered by the regulations are now proscribed specific standards and requirements in recognition of the consumer rights created by each of the Acts. As a result, businesses need to ensure that their policies and practices are adjusted to address the increased privacy risk.

The Virginia Consumer Data Protection Act (“VCDPA”) will go into effect on January 1, 2023. This statute requires companies who operate in Virginia or target Virginia consumers (whether or not the company is located in Virginia) and collect personal information from more than 100,000 Virginia consumers annually to meet certain cybersecurity requirements and to offer certain privacy rights to those consumers, such as the right to opt-out. For more specifics on the VCDPA read on here.

The California Privacy Rights Act (“CPRA”) also goes into effect on January 1, 2023. This statute applies to any business that collects the personal information of a California resident if that business meets one of the following three criteria:  (1) had annual gross revenues in excess of twenty-five million dollars ($25,000,000) in the preceding calendar year; (2) alone or in combination, annually buys, sells, or shares the personal information of 100,000 or more California consumers or, households; or (3) derives 50 percent or more of its annual revenues from selling or sharing California consumers’ personal information.  These businesses must meet certain disclosure and cybersecurity requirements and must offer certain privacy rights to those consumers.  Subject to certain exceptions, these rights include the right by the consumers to know what information is collected about them, the rights to correct and delete their personal information, the right to opt-out of the sale or sharing of their personal information and the right to limit the use of their sensitive personal information.  Read on for more specifics on the CPRA here.

Our Data Privacy & Security team can assist with drafting privacy policies that are consistent with the Virginia CDPA and the CPRA. Contact us today to learn more.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Janet P. Peyton Janet P. Peyton

Janet currently serves as the firm’s office managing partner for the Richmond office. She practices in the areas of intellectual property and data privacy and security. Janet provides worldwide brand protection, enforcement, licensing and transactional IP services, and she assists clients with preventive…

Janet currently serves as the firm’s office managing partner for the Richmond office. She practices in the areas of intellectual property and data privacy and security. Janet provides worldwide brand protection, enforcement, licensing and transactional IP services, and she assists clients with preventive data security as well as compliance issues in the aftermath of a data breach.

Read more about Janet P. Peyton
Show more Show less
Photo of Payam Khodadadi Payam Khodadadi

Payam graduated from law school in the top 3% of his graduating class. Payam practices in the areas of data privacy and security, restructuring and insolvency, and complex litigation. In each year from 2013 through 2020, Payam was selected by the prestigious Super…

Payam graduated from law school in the top 3% of his graduating class. Payam practices in the areas of data privacy and security, restructuring and insolvency, and complex litigation. In each year from 2013 through 2020, Payam was selected by the prestigious Super Lawyers publication as a “Rising Star.”

Read more about Payam Khodadadi
Show more Show less
Photo of Andrew Konia Andrew Konia

Andrew’s practice is singularly focused on protecting clients’ businesses and data, anticipating disputes, and strengthening their competitive position in the marketplace. As chair of the firm’s data privacy and security team, Andrew leads a nationally recognized team of professionals dedicated to protecting clients’…

Andrew’s practice is singularly focused on protecting clients’ businesses and data, anticipating disputes, and strengthening their competitive position in the marketplace. As chair of the firm’s data privacy and security team, Andrew leads a nationally recognized team of professionals dedicated to protecting clients’ systems, networks and data, managing information, and responding to cyber incidents.

Read more about Andrew Konia
Show more Show less
Related Posts
Halloween Reminder – Don’t Get Haunted by Hacks
October 29, 2025
California’s CIPA Jurisprudence Is Unworkable: The Legislature Should Fix It—Starting With SB 690
October 24, 2025
New CCPA Rules Are Here: Is Your Business Ready for What’s Next?
October 8, 2025