The Virginia Consumer Data Protection Act was signed into law March 2, making the state second, behind California (California Consumer Privacy Act), in creating a data privacy law not unlike the General Data Protection Regulation (GDPR) in the European Union.
A similar law is currently pending in the state of Washington (the Washington Privacy Act).
It has long been anticipated that the trend—which was paused by COVID-19 in 2020—toward state-level privacy protections will continue.
As we put COVID in the rearview mirror, more and more states will adopt this new approach to privacy. On the whole, for International Secure Information Governance & Management Association (i-SIGMA) members, this could lead to significant growth.
It also could lead to a national privacy law.
The creation of a national data protection and breach notification law in the U.S. has struggled over the past two decades. The momentum behind the current trend may finally be enough to make it happen.
It is worth noting that this trend directly led to new Data Subject Response Policy requirements in National Association for Information Destruction (NAID) AAA and Professional Records and Information Services Management (PRISM) Privacy+ certifications. Further adjustments are likely as i-SIGMA fulfills its responsibility to ensure service provider compliance.
Bob Johnson is the chief executive officer of the International Secure Information Governance & Management Association (i-SIGMA), Phoenix, which is a trade association that enforces standards and ethical compliance for about 2,000 secure data destruction and information management service providers on six continents.