Data privacy bills died in Virginia’s House of Delegates today, January 29, 2020.  Two of them will almost certainly be back next year.

HB 473, patroned by Delegate Mark Sickles (D-43^rd District), gave consumers the right to access their data and determine if it had been sold to a data broker.  HB 952, patroned by Delegate Hala Ayala (D-51^st District), permitted minors to request removal of online posts and barred online marketing of restricted products, such as tobacco, to minors (full disclosure: Dunlap Law counsels Delegate Ayala on data privacy legislation and we helped draft HB 952).

Delegate Hala Ayala, patron of HB 952.

Currently, Virginia has several laws related to data privacy and security but they are scattered throughout the Code and are not comprehensive.  Title 2.2 includes the Virginia Data Act that limits government collection, storage, sharing, use, and disposal of data.  Meanwhile, Title 18 includes Virginia’s laws on data breach and “computer trespass.”   For more information on Virginia’s law regarding data breaches, check out our blog post here.

Perhaps in recognition of the complexity involved in regulating data privacy and security, Delegate Cliff Hayes (D-77^th District), the Chair of the Committee on Communications, Technology and Innovation opted to send privacy-related bill for study.  That decision effectively killed them for the 2020 General Assembly session.

We also anticipate that the General Assembly will order a thorough review and report of how Virginia Code currently treats data privacy and security issues.  California’s new law, the CCPA, appears to have drawn interest from legislators in the Old Dominion.  From what we hear, legislators want a complete understanding of how Virginia regulates data privacy and security before they put forward more bills intended to protect Virginians.  This review is good news and we look forward to tracking it.

Here are summaries of HB 473 and HB 952.