Ask Reggi Your Question Now
Can you summarize SB 1392?
Senate Bills > Consumer Data Protection Act; personal data rights of consumer, etc.
Short Summary
The Consumer Data Protection Act applies to persons conducting business in the Commonwealth or producing products or services targeted to residents of the Commonwealth. It establishes consumer rights, including the right to access personal data, correct inaccuracies, delete personal data, obtain a copy of personal data, and opt out of certain processing activities. The Act imposes responsibilities on controllers, such as limiting the collection of personal data, establishing data security practices, and providing clear privacy notices. Processors must adhere to the instructions of controllers and assist in meeting obligations. The Act also requires data protection assessments for certain processing activities and establishes a Consumer Privacy Fund. Exemptions include government entities, financial institutions subject to Gramm-Leach-Bliley Act, covered entities under HIPAA, nonprofits, and higher education institutions. Non-compliance may result in civil penalties.
Whom does it apply to?
Persons that conduct business in the Commonwealth or produce products or services targeted to residents of the Commonwealth
What does it govern?
Consumer Data Protection Act
What are exemptions?
Body, authority, board, bureau, commission, district, or agency of the Commonwealth or any political subdivision, financial institution or data subject to Title V of the federal Gramm-Leach-Bliley Act, covered entity or business associate governed by HIPAA, nonprofit organization, institution of higher education
What are the Penalties?
Civil penalties of up to $7,500 for each violation
Jurisdiction
Virginia