§ 59.1-578StatuteReference only

Controller duties

Effective January 1, 2023Reviewed July 2026

Reference only: This requirement is not currently tested by the Privisy scanner. It is included for reference. Consult a qualified attorney to assess your compliance posture.

What it requires

Requires data controllers to practice data minimization, implement reasonable data security, and obtain opt-in consent for sensitive data. Mandates a clear and accessible privacy notice disclosing categories of data collected, processing purposes, sharing with third parties, and instructions for exercising rights.

Legal text (excerpt)

A controller shall limit the collection of personal data to what is adequate, relevant, and reasonably necessary in relation to the purposes for which such data is processed, as disclosed to the consumer. [...] Controllers shall provide consumers with a reasonably accessible, clear, and meaningful privacy notice...

Virginia Consumer Data Protection Act: § 59.1-578, Statute, effective 2023

Primary source

Virginia Office of the Attorney General: § 59.1-578: Controller duties

Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change: verify against the authoritative source and consult a licensed attorney for compliance guidance.

Stop Guessing. Start Knowing.

Find out exactly where your website stands before a regulator does.

Get My Compliance Audit