Back to Learning Center
Subscribe
Join 40,000+ sales and marketing pros who receive our weekly insights, tips, and best practices.
Thank you! You have been subscribed.
Learning Center
Learning Center
Close
The IMPACT Learning Center

Free resources to help you master inbound marketing and They Ask, You Answer

Access the Learning Center

Access the Learning Center

Access the Learning Center
learning_center_grey__What is They Ask, You Answer-v2-black

What is They Ask, You Answer

What is <span>They Ask, You Answer</span>
Articles, Podcasts, & Updates

Articles, Podcasts, & Updates

Articles, Podcasts, <span>& Updates</span>
Free Courses & Certifications

Free Courses & Certifications

Free Courses & <span>Certifications</span>
On-Demand Keynotes & Sessions

On-Demand Keynotes & Sessions

On-Demand <span>Keynotes & Sessions</span>
Events
Events
Close
IMPACT+ Membership
IMPACT+ Membership
Close
Services
Services
Close
Navigation_8_2021_taya

They Ask, You Answer Coaching & Training

They Ask, You Answer Coaching & Training
They Ask, You Answer Workshop

They Ask, You Answer Workshop

They Ask, You Answer Workshop
Navigation_8_2021_workshop

Inbound Marketing Services

Inbound Marketing Services
Navigation_8_2021_website design - monitor

Website Design & Development

Website Design & Development
Navigation_8_2021_hubspot implementation

HubSpot Training & Implementation

HubSpot Training & Implementation
Navigation_8_2021_virtual selling

Virtual Sales
Training

Virtual Sales <br>Training
Navigation_8_2021_swell - paid ads

Paid Search & Social Services

Paid Search & Social Services
Become a Certified Coach
Become a Certified Coach
Close
Website Design

Virginia Consumer Data Protection Act (VCDPA) is now law, but so what?

The Virginia Consumer Data Protection Act was signed into law on March 3 – and if you do business in the Commonwealth, you need to know about this.

By Liz Moorehead

Virginia Consumer Data Protection Act (VCDPA) is now law, but so what? Blog Feature

Attention business owners with websites... which, is pretty much all of you.

In a surprise to absolutely no one, yet another state has rolled out a data privacy law – and this time it's the Commonwealth of Virginia. Following in the footsteps of its legislative predecessors (e.g. California's CCPA), Virginia's Senate Bill 1392 is centered around the singular goal of protecting consumer data:

"It is time that we find a meaningful way of protecting the citizens of the Commonwealth of Virginia’s data .… Virginia is in a unique position to be a leader on this issue. There’s a huge amount of the data on the internet that flows through the commonwealth. Privacy is not a new issue."

– State Senator David Marsden

Although signed into law on March 3, this will not take effect until January 1, 2023

Is your company affected by the VCDPA?

This new law applies to you if you do business in Virginia, or if you sell products or services that target residents of the Commonwealth and:

  1. You process or control data for 100,000 or more residents of Virginia, or
  2. You process or control data for 25,000 or more residents of Virginia and earn 50% revenue (gross) from the sale of personal data.

Exemptions include organizations subject to HIPAA, higher education, and nonprofits, as well as financial institutions or data subject to the Gramm-Leach-Bliley Act.

🔎 Related: GDPR and data privacy one year later, what we've learned so far

How are 'personal data' and 'processing' defined in the VCDPA?

"Personal data" is defined generally as "any information that is linked or reasonably linkable to an identified or identifiable natural person. [It] does not include de-identified data or publicly available information."

🔎 Related: Google releases new security controls for Chrome users

"Process" and "processing" are defined as "any operation or set of operations performed, whether by manual or automated means, on personal data or on sets of personal data, such as the collection, use, storage, disclosure, analysis, deletion, or modification of personal data."

What rights do your Virginia buyers have under this new law?

  • Choosing whether or not their personal data is accessed and/or processed
  • Correcting errors in personal data
  • Deleting personal data
  • Obtaining a copy of personal data in a portable, ready-to-use (if possible) format, so it can be transferred to another "controller"
  • Opting out of processing personal data for the purposes of targeted advertising, the sale of personal data, or any other profiling 

Additionally, your buyers in Virginia will have the right to have you respond within 45 days to any requests regarding their privacy rights. This is why you've got such a big heads up that this is going into effect, folks – "the time to hesitate is through," etc.

Also, "controllers" (that's you, if you fall under the scope of this bill) will have data protection assessment obligations – if you're familiar with GDPR, you've definitely heard of these before

Now is the time to update and streamline your processes.

🔎 Related: Your visitors will see your forms aren't secure with new Google update

What will you now need to disclose in your privacy policy to be VCDPA-compliant?

If you're subject to this new law, here is what you now need to include in your privacy policy disclosure:

  • Personal data categories you process
  • Your specific reasons for processing that data
  • How your buyers can exercise their privacy rights (including the appeals process)
  • At least one secure avenue for buyers to exercise those rights
  • What data (if any) that you share with third-party entities
  • If you do (or don't) sell data for advertising targeting
  • How consumers can opt out of processing for targeted ads

🔎 Related: If COVID-19 forced your business online, update your privacy policy

OK, so what does this all mean for you?

Well, in addition to the obvious – updating your privacy policy, and implementing new processes and procedures to support consumer privacy-related requests – IMPACT Director of Community and Events Stephanie Baiocchi had this to say...

(Tools recommended below and links therein may provide IMPACT with compensation for signups. This in no way affects IMPACT's recommendation of the tools.)

"As individual states continue to roll out their own privacy laws (California, Nevada, Virginia, and more), it can start to feel overwhelming to keep track of all the compliance requirements.

However, the ultimate goal of all of these laws is very similar: to protect consumers’ data.While each law may have unique compliance requirements, all of the privacy laws in the United States are focused on protecting consumers’ personal data through a combination of disclosures and practices.

Just like you know inherently not to buy lists of emails and bulk email them without the recipients’ permission, you know not to take consumer data without permission or use it wrongly. Or, throughout the rollouts of these laws, you will learn.

It’s usually a combination of explicitly communicating what data you’ll be using and how, allowing consumers to obtain and request deletion of this data, and allowing consumers to opt out of their personal data being used moving forward.

Using a tool like Termageddon can help keep your privacy policy updated automatically when laws change. However, you do still need to make sure someone is responsible for making sure your data practices actually change when required.

Granted, this law won’t fully go into effect until January 1st, 2023. But if you can get on top of these changes as they roll out you’ll be less likely to forget or miss the date in the future. It’s very important someone at your organization (or an external consultant) owns making sure privacy laws are followed. Not only will it build trust with your audience but it will save you from incurring hefty fines."

Stephanie's right about the fines, by the way. According to the VCDPA, violators will be subject to (up to) a $7,500 fine per violation. 

Even if you're not in Virginia, if you haven't been paying attention to data privacy legislation up to this point, now is the time. Florida, Minnesota, New York, Oklahoma, and Washington all have similar bills working their way through state legislatures.

Topics:

Website Design
Data Security
For Organizational Leaders
Published on March 8, 2021

Recent Articles

9 Crucial Elements Every Homepage Should Have [+Video]

By Ramona Sukhraj on October 21, 2021
6 min read

5 Prep Secrets for a Smoother, More Successful Website Project (+ Infographic)

By John Becker on October 14, 2021
7 min read

Google shares new tools to audit website user experience

By Paul D. Grant on August 12, 2021
3 min read

New HubSpot CMS Hub starter tier released for growing businesses

By Paul D. Grant on August 6, 2021
4 min read

They Ask, You Answer and diversity, equity, and inclusion (Content Lab, Ep. 55)

By Liz Moorehead on July 29, 2021
2 min read

ICYMI: Digital marketing news update for July 26, 2021

By Liz Moorehead on July 26, 2021
6 min read

ICYMI: Digital marketing news update for July 19, 2021

By Liz Moorehead on July 19, 2021
6 min read

What the heck is going on with all the Google updates? (Content Lab, Ep. 54)

By Liz Moorehead on July 15, 2021
1 min read

8 best business website designs (updated for 2021)

By Sam Lauron on July 15, 2021
5 min read

ICYMI: Digital marketing news update for July 12, 2021

By Liz Moorehead on July 12, 2021
5 min read

Too many internal links in content can confuse Google about site structure

By Liz Moorehead on July 9, 2021
5 min read

Google July 2021 core update rolling out over next 2 weeks

By Liz Moorehead on July 2, 2021
4 min read

6 tips for building a great diversity and inclusion page (+examples)

By Ramona Sukhraj on June 29, 2021
7 min read

Google punts third-party cookie ban to 2023 for 'responsible planning'

By Liz Moorehead on June 25, 2021
6 min read

Finally, Google page experience core update is rolling out

By Liz Moorehead on June 18, 2021
3 min read

8 business blog design examples that keep readers engaged

By Steve Polito on June 16, 2021
6 min read

What is a featured snippet? [Definition + Examples]

By Kevin Church on June 10, 2021
4 min read

Google June 2021 core update live, July core update coming

By Liz Moorehead on June 4, 2021
3 min read

Google's June page experience core update will be mobile first, then desktop

By Liz Moorehead on May 21, 2021
3 min read

Why is growth-driven website design so freaking expensive?

By Daniel Escardo on April 14, 2021
5 min read

Strategy-driven website redesign: 5 IMPACT-built websites that solve client challenges

By John Becker on April 7, 2021
4 min read

10 Google Analytics metrics you absolutely must track (updated)

By Magdalena Day on March 29, 2021
5 min read

29 Best Contact Us Page Examples To Inspire Yours [Updated for 2021]

By Melissa Smith on March 25, 2021
17 min read

Website Performance Mastery: A better redesign process for your business website

By John Becker on March 24, 2021
6 min read

How much does a website design or redesign cost in 2021?

By Vin Gaeta on March 23, 2021
9 min read