§ 59.1-583. (Effective January 1, 2023) Investigative authority
Whenever the Attorney General has reasonable cause to believe that any person has engaged in, is engaging in, or is about to engage in any violation of this chapter, the Attorney General is empowered to issue a civil investigative demand. The provisions of § 59.1-9.10 shall apply mutatis mutandis to civil investigative demands issued under […]
§ 59.1-584. (Effective January 1, 2023) Enforcement; civil penalty; expenses
A. The Attorney General shall have exclusive authority to enforce the provisions of this chapter. B. Prior to initiating any action under this chapter, the Attorney General shall provide a controller or processor 30 days’ written notice identifying the specific provisions of this chapter the Attorney General alleges have been or are being violated. If […]
§ 59.1-578. (Effective January 1, 2023) Data controller responsibilities; transparency
A. A controller shall: 1. Limit the collection of personal data to what is adequate, relevant, and reasonably necessary in relation to the purposes for which such data is processed, as disclosed to the consumer; 2. Except as otherwise provided in this chapter, not process personal data for purposes that are neither reasonably necessary to […]
§ 59.1-579. (Effective January 1, 2023) Responsibility according to role; controller and processor
A. A processor shall adhere to the instructions of a controller and shall assist the controller in meeting its obligations under this chapter. Such assistance shall include: 1. Taking into account the nature of processing and the information available to the processor, by appropriate technical and organizational measures, insofar as this is reasonably practicable, to […]
§ 59.1-580. (Effective January 1, 2023) Data protection assessments
A. A controller shall conduct and document a data protection assessment of each of the following processing activities involving personal data: 1. The processing of personal data for purposes of targeted advertising; 2. The sale of personal data; 3. The processing of personal data for purposes of profiling, where such profiling presents a reasonably foreseeable […]
§ 59.1-576. (Effective January 1, 2023) Scope; exemptions
A. This chapter applies to persons that conduct business in the Commonwealth or produce products or services that are targeted to residents of the Commonwealth and that (i) during a calendar year, control or process personal data of at least 100,000 consumers or (ii) control or process personal data of at least 25,000 consumers and […]
§ 59.1-577. (Effective January 1, 2023) Personal data rights; consumers
A. A consumer may invoke the consumer rights authorized pursuant to this subsection at any time by submitting a request to a controller specifying the consumer rights the consumer wishes to invoke. A known child’s parent or legal guardian may invoke such consumer rights on behalf of the child regarding processing personal data belonging to […]
§ 59.1-573. Civil penalties
Any person who violates any provision of this chapter is subject to a civil penalty of $5,000 and an additional $1,000 for each day the violation continues. Such penalty shall be collected by the Attorney General and the proceeds shall be deposited into the Literary Fund. 2021, Sp. Sess. I, cc. 113, 114.
§ 59.1-574. Local regulation prohibited unless identical
No locality may establish or continue any regulation relating to cosmetic animal testing that is not identical to the provisions set forth in this chapter. 2021, Sp. Sess. I, cc. 113, 114.
§ 59.1-575. (Effective January 1, 2023) Definitions
As used in this chapter, unless the context requires a different meaning: “Affiliate” means a legal entity that controls, is controlled by, or is under common control with another legal entity or shares common branding with another legal entity. For the purposes of this definition, “control” or “controlled” means (i) ownership of, or the power […]