Skip to main content
Menu Icon
Close

In The News

Amanda R. Lawrence and Sasha Leonhardt extensively quoted in Cybersecurity Law Report article, “Familiar and fresh mandates in Virginia’s new privacy law”

Cybersecurity Law Report

Amanda R. Lawrence, Sasha Leonhardt

Amanda R. Lawrence and Sasha Leonhardt were extensively quoted in the Cybersecurity Law Report article, “Familiar and fresh mandates in Virginia’s new privacy law,” which reported on the recently enacted Virginia Consumer Data Protection Act and how it is similar to and yet differs from the California Consumer Privacy Act and the EU’s General Data Protection Regulation.

Lawrence noted some ways in which the Virginia law was different: “Unlike the CCPA, it does not have a revenue threshold that applies nationwide or globally. Thus, a portion of companies that must comply with California’s law may escape Virginia’s.”

She also added that, “Financial firms will be gratified that Virginia exempts entities covered by the Gramm-Leach-Bliley Act. All data collected by these enterprises will be exempt, whereas the CCPA only exempted GLBA-regulated information.”

With regard to data assessments, Leonhardt noted, “Initially, companies that already conduct assessments for GDPR likely can re-deploy those because the VDCPA explicitly permits assessments conducted to comply with other laws if the scope and effects are similar. In the long run, however, one must treat GDPR and Virginia as distinct legal regimes.”

Click here to read the full article Subscription required.