Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

Virginia
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay

FINES & PENALTIES – Violations
Up to $150,000

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

Virginia Privacy Law Information

BREACH REPORTING

For breaches involving notification of more than 1,000 persons at one time, breach reporting is required, without unreasonable delay, to all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis, and additional information must be provided to the Attorney General. If any state residents are affected by a breach of security, the breached Organization must give notice without delay to the affected individuals and the Attorney General. Regulatory reporting and consumer notifications must include specific information regarding a breach incident.

CONSUMER NOTIFICATION

If a breach affects residents of other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

VENDOR/THIRD PARTIES

Vendors must report to the Organization without delay after the discovery of a breach or suspected breach. The Organization will be responsible to complete any required regulatory reporting and consumer notification.

INDUSTRY SPECIFIC LAWS

Virginia passed the Insurance Data Security Law, which includes requirements for insurance licensees to protect personal information and investigate and respond to data breaches. Effective July 1, 2020, licensees must comply with the breach notification requirements, including Commissioner notification within 3 business days. Additional laws exist regarding medical breaches, with notification made to the Office of the Attorney General, the Commissioner of Health, and any affected resident of the Commonwealth without unreasonable delay.

FINES & PENALTIES

The state Attorney General has the enforcement and authority to bring an action to address violations and impose civil penalties up to $150,000 per breach or series of breaches. Individuals also have the right to recover direct economic damages due to violations.

Virginia Statutes and Laws

VA. CODE § 18.2-186.6

Breach of personal information notification

VA. CODE § 32.1-127.1:05

Breach of medical information notification

VA. CODE § 38.2, CH. 6, ART. 2

Insurance data security act

VA. CODE §§ 59.1-442 – 59.1-444

Personal Information Privacy Act

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.