Embracing The Virginia Model Of Consumer Privacy Law

Navigating changing consumer privacy laws can feel like chasing a moving target. Nineteen states have now enacted consumer privacy legislation, and while some, like California and Texas, have introduced unique thresholds, many have adopted what’s known as the "Virginia model." In this post, we’ll explore how simplifying your strategy could save you time, money, and legal headaches while setting you apart as a privacy-forward company.

To be subject to a “Virginia-style” consumer privacy law, an entity (usually a for-profit, but not always- thanks Colorado) must control or process the personal data of at least 100,000 consumers from that state in a calendar year or the personal data of at least 25,000 consumers, while deriving over 50 percent of their gross revenue from the sale.

This makes applicability analysis a little easier, a small relief given that a federal privacy law keeps getting squashed by big tech over targeted advertising. 

But a dirty secret of privacy law compliance is that, while consumers have all these new privacy rights, not many choose to exercise them. 

So, why not make future compliance easy on your company and offer a standard set of privacy rights to all your consumers, no matter where they live? Whenever I give this option, I can see marketing folks panic while IT sighs in relief. I’m not saying it works for every company, but if you’re feeling overwhelmed by all these new state laws, uniformity can save time and money. 

Need assistance with this?

Email Thomas Codevilla at: codevilla@skandslegal.com for help ensuring your organization is prepared for data privacy compliance.