Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense

U.S. Data Privacy Legislation: Proposed & Pending Regulations

An overview of the latest laws protecting personal identifiable information

Add bookmark
Elizabeth Mixson

In a quest to provide a global overview of cyber-related legislation and regulation we have focused on Regulation through Global Data Protection and Security Laws, and APAC Data Protection and Security Laws.

This is an overview of the latest laws protecting PII in the United States:

  • Virginia

    On March 2, 2021, Virginia’s Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. Inspired by California’s CCPA regulations and the EU’s General Data Protection Regulation (GDPR), the VCDPA was designed to protect Virginia consumers and their personal data. As such, it grants Virginia residents the legal right to access, correct, delete, know, and opt-out of the sale and processing for targeted advertising purposes of their personal information.

    In addition to “personal data” (defined as “any information that is linked or reasonably linkable to an identified or identifiable natural person), the VCDPA also sets out specific protections and responsibilities for the processing of “sensitive data.” Sensitive data is defined as personal data that:

    • reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status
    • genetic or biometric data” processed “for the purpose of uniquely identifying a natural person”
    • personal data collected from a known child and precise geolocation data

    Before processing sensitive data, the “controller” must obtain consent - defined as “a clear affirmative act signifying a consumer’s freely given, specific, informed, and unambiguous agreement to process personal data relating to the consumer.”

    Similar to GDPR and CCPA, the VCDPA places far-reaching responsibilities on how companies access, use, store, share, disclose, or otherwise control or process their clients’ personal information. However, the it differs from these laws in 2 significant respects:

    • enforcement is left entirely up to the Attorney General 
    • it does not provide a private right of action for consumers
    • the law does not apply to employee data

    Set to be enacted on January 1, 2023, the VCDPA applies to any business that “(i) during a calendar year, control or process personal data of at least 100,000 consumers or (ii) control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data.”

RECENTLY REJECTED LEGISLATION

  • Washington

    Senate Bill 5062, known as the Washington Privacy Act, was rejected by state senators for the third time on March 12, 2021. Similar to GDPR, the law grants consumers the right to access, transfer, correct, and delete the data companies collect on them. Consumers can also opt-out of targeted advertising and the sale of their personal data under the legislation.

  • New York

    Proposed for a second time on October 28, 2020, New York’s It’s Your Data Act, if passed, would create CCPA-like consumer privacy rights but with a broader private right of action. As summarized by JD Supra, “the bill would modify the state’s civil rights law to create a ‘right of privacy’ for New York State consumers (defined as state residents), which would require prior written consent and the exercise of reasonable care to use a consumer’s personal information for nearly any commercial reason.”

    Though the legislation is, in many ways, similar to GDPR and CCPA, it takes things a step further by placing a fiduciary obligation on data controllers. As a result, the It’s Your Data Act drew significant criticism and, as it stands, is currently stalled in the New York Senate.

Tags: Cyber Regulation Cyber Legislation Cyber Compliance GRC APAC VCDPA GDPR CCPA CS Hub
info@cshub.com/r/n

We hope you enjoy All Access from CS Hub!!<\/p>\r\n<p>Best Regards,<\/p>\r\n<p><a href=https://www.cshub.com/"https:////www.cshub.com///" target=\"_blank\">CS Hub Team<\/a><\/p>\r\n<p>P.S. Be sure to check out our other upcoming <a href=https://www.cshub.com/"https:////www.cshub.com//events?filter_format=ONLINE\%22 target=\"_blank\">All Access events here<\/a>.<\/p>\r\n<p>--------------------------------<\/p>\r\nConnect with us on Social Media: <a href=https://www.cshub.com/"https:////www.linkedin.com//groups//12067996///" target=\"_blank\">LinkedIn<\/a> | <a href=https://www.cshub.com/"https:////twitter.com//CSHubUSA/" target=\"_blank\">Twitter<\/a><\/p>\r\n<p>--------------------------------<\/p>\r\n<p>FAQS<\/p>\r\n<p><b>Can I invite my colleagues?<\/b><br>Yes of course! Please send them this link so they can register for free! [WebUrl]<\/p>\r\n\r\n<p><b>How do I access the sessions?<\/b><br>\r\nAll Access is run on Zoom Events. You should receive an email shortly from Zoom Events with your unique All Access link to the event lobby. Please hold on to that email ahead of the event. We\u2019ll also send you a reminder 24 hours before we go live!<\/p>\r\n\r\n<p><b>Will the agenda be updated?<\/b><br>\r\nYes, the agenda will be continuously updated on the website with the latest sessions & speakers. As we get closer to the event, also look out for our weekly updates which will also include the latest updates information and link to access the event.<\/p>\r\n<p><b>Can I access the sessions On Demand?<\/b><br>\r\nEvery session will be available after the event via the event lobby. We\u2019ll also send you a reminder about the On Demand sessions which will be sent to you after the event is over.<\/p>\r\n<p>--------------------------------<\/p>\r\n<p>RELATED RESOURCES TO READ BEFORE YOUR EVENT<\/p>\r\n<ul>\r\n <li><a href=https://www.cshub.com/"https:////www.cshub.com//executive-decisions//reports//cs-hub-mid-year-market-report-2022?utm_source=eco-event-confirmation-email&utm_medium=email&utm_campaign=eco-event-confirmation-email\%22 target=\"_blank\">CS Hub Mid-Year Market Report 2022<\/a><\/li>\r\n <li><a href=https://www.cshub.com/"https:////www.cshub.com//security-strategy//reports//ciso-strategies-for-proactive-threat-prevention?utm_source=eco-event-confirmation-email&utm_medium=email&utm_campaign=eco-event-confirmation-email\%22 target=\"_blank\">CISO strategies for proactive threat prevention<\/a><\/li>\r\n <li><a href=https://www.cshub.com/"https:////www.cshub.com//security-strategy//reports//how-to-strengthen-email-security-and-protection-against-advanced-ransomware-attacks?utm_source=eco-event-confirmation-email&utm_medium=email&utm_campaign=eco-event-confirmation-email\%22 target=\"_blank\">How to strengthen email security and protection against advanced ransomware attacks<\/a><\/li>\r\n<\/ul>","event_registration_srs_confirmation_email":null,"assets_from_cdn":true},"bant_disabled":0,"sponsorship_disclaimer":null,"sponsorship_disclaimer_text":null,"sponsorship_disclaimer_checkbox_disabled":0,"ext_treat_id":null,"recording_url":null,"file_attachment":null,"ingo_enabled":null,"ingo_activator_id":null,"ingo_autofiller_id":null,"ingo_amplifier_id":null,"ingo_authorizer_id":null,"restricted_content":0,"featured_events_embedded":[],"featured_content_embedded":[],"featured_content_portal_embedded":null}" >

FIND CONTENT BY TYPE

News Case Studies Interviews White Papers Videos

Cyber Security Hub COMMUNITY

About Us Power10 Contact Us Advertise with us Cookie Policy User Agreement Become a Contributor All Access from CS Hub Become a Member Today Media Partners

ADVERTISE WITH US

Advertise Now

JOIN THE Cyber Security Hub COMMUNITY

Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.

Cyber Security Hub, a division of IQPC

© 2026 All rights reserved. Use of this site constitutes acceptance of our User Agreement, Privacy Policy and Cookies Settings.

Careers With IQPC | Contact Us | About Us | Cookie Policy