Virginia is poised to join California in enacting comprehensive privacy legislation to protect its citizens.
Unlike the EU, the US does not have national privacy legislation. As a result, California was the first state to pass such legislation to protect its own citizens. The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. An updated California Privacy Rights Act (CPRA) was approved by voters on November 3, 2020 and goes into effect January 1, 2023. The CPRA builds on the CCPA, adding additional protections.
Virginia is now on the verge of passing its own privacy legislation, according to Reuters. The Virginia Senate has passed a version of the bill, following the Virginia House’s passage of its own bill a week earlier. The next step is for legislators to reconcile the two bills and pass the reconciled version, which shouldn’t pose a problem since the two bills are almost identical. Once the governor signs the bill into law, it will go into effect January 1, 2023.
Another state privacy law will further complicate things for companies that will have to abide by multiple state laws. Some companies were already applying the CCPA to all US customers and may decide to do the same with Virginia’s law, should it go into effect.
Either way, if Virginia passes its own privacy legislation, it will increase pressure on the US government to pass comprehensive federal privacy legislation.