Controller duties
Reference only: This requirement is not currently tested by the Privisy scanner. It is included for reference. Consult a qualified attorney to assess your compliance posture.
What it requires
Requires data controllers to practice data minimization, implement reasonable data security, and obtain opt-in consent for sensitive data. Mandates a clear and accessible privacy notice disclosing categories of data collected, processing purposes, sharing with third parties, and instructions for exercising rights.
Legal text (excerpt)
A controller shall limit the collection of personal data to what is adequate, relevant, and reasonably necessary in relation to the purposes for which such data is processed, as disclosed to the consumer. [...] Controllers shall provide consumers with a reasonably accessible, clear, and meaningful privacy notice...
Primary source
Virginia Office of the Attorney General: § 59.1-578: Controller duties ↗Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change: verify against the authoritative source and consult a licensed attorney for compliance guidance.