Privacy
Virginia CDPA
Virginia's CCPA-shaped privacy law. Applies if you process the data of 100K+ Virginia residents (or 25K+ if you derive 50%+ revenue from selling data). No private right of action — Virginia AG enforces.
What it is
The Virginia Consumer Data Protection Act, effective 1 January 2023. Grants Virginia residents rights to access, delete, correct, port, and opt out of sale and targeted advertising. Closely tracks CCPA/CPRA but uses the GDPR-style controller/processor vocabulary. Enforced exclusively by the Virginia AG with a 30-day cure period.
Why it matters
Civil penalties up to $7,500 per violation. Most multi-state SaaS and e-commerce sites already in CCPA scope will hit Virginia thresholds — a unified opt-out and privacy policy generally covers both.
Who it applies to
Virginia residents — applies to controllers processing 100K+ Virginia consumers, or 25K+ where 50%+ of revenue comes from selling personal data.
- Jurisdictions: United States
How WQI scores it
Web Quality Index considers this standard satisfied when all of the 4 supporting factors pass.
| # | Factor | Status |
|---|---|---|
| 46 | Cookie banner presence + CMP detection | planned |
| 47 | Privacy policy page presence | planned |
| 50 | CCPA "Do Not Sell or Share My Personal Information" link | planned |
| 51 | Cookie scan — actual cookies set on first load | planned |
0 of 4 supporting factors are currently collected. Sites where the remaining 4 haven't been measured will show as partial or unknown on this standard until the data lands.
Related standards
Standards that share factors with this one
Auto-computed from overlapping factor tickets in satisfiedBy, excluding standards already listed under "See also" above. Strong overlap suggests these standards rise and fall together when sites are scored.
Other references
- regulation Virginia AG — Consumer Privacy resources