New State Privacy Laws in Virginia and Colorado

In the absence of federal privacy legislation and in response to growing public concern over businesses’ use of personal data here in the U.S., more states are filling the void that exists in the area of consumer privacy protection. Earlier this year, Virginia passed the Virginia Consumer Data Protection Act (CDPA), and more recently, Colorado introduced the Colorado Privacy Act (CPA) on July 7th, 2021. Both of these laws will take effect in 2023.

In addition, privacy legislation is currently under consideration in Washington, New York and Minnesota. For companies who do business throughout the U.S., the onerous compliance obligations presented by this patchwork of privacy laws might best be managed by complying with the most restrictive requirements across the board, rather than trying to implement and manage state-by-state requirements.

Side-by-Side Comparison
This chart summarizes and compares the privacy laws in California, Virginia and Colorado. These summaries are meant to highlight the main requirements of these laws, and are not comprehensive. Companies should work with their lawyers to create a compliance program that best suits their needs.

If your business is impacted by Virginia’s CDPA, Colorado’s CPA, or both, it is important to review your privacy policies and practices and prepare for compliance by 2023. We are happy to help. If you have questions about the CA, VA or CO privacy laws and how they may impact your company, please contact Virginia Fournier at vfournier@outsidegc.com or (408) 891-8607.

A member of our California team, Virginia Fournier is a seasoned technology attorney with over 25 years of legal and business experience in the industry. She regularly handles a wide range of technology-related matters, including negotiating and drafting complex licensing agreements, compliance, data security and privacy, and intellectual property issues.