Scope; exemptions
Reference only: This requirement is not currently tested by the Privisy scanner. It is included for reference. Consult a qualified attorney to assess your compliance posture.
What it requires
Establishes applicability thresholds for businesses targeting Virginia residents, requiring compliance for entities processing data of 100,000+ consumers, or 25,000+ consumers if over 50% of gross revenue comes from selling personal data. Provides exemptions for government entities, HIPAA-covered entities, GLBA financial institutions, and nonprofits.
Legal text (excerpt)
This chapter shall apply to persons that conduct business in the Commonwealth or produce products or services that are targeted to residents of the Commonwealth and that (i) during a calendar year, control or process the personal data of at least 100,000 consumers or (ii) control or process the personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data.
Primary source
Virginia Office of the Attorney General: § 59.1-576: Scope; exemptions ↗Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change: verify against the authoritative source and consult a licensed attorney for compliance guidance.