March 04, 2021

VA consumer data protection law set to take effect in 2023

data securityVirginia Gov. Ralph Northam this week signed the Virginia Consumer Data Protection Act into law. Unlike the California Consumer Privacy Act (CCPA), the Virginia bill includes language to exclude entities that are covered by the Gramm-Leach-Bliley Act (GLBA), including credit unions. It is set to take effect Jan. 1, 2023.

NAFCU has continuously advocated for a federal, national privacy and data security standard so credit unions are not subject to multiple privacy frameworks; for more information, the association developed a whitepaper that outlines a set of six key data privacy principles.

In its advocacy on the CCPA, NAFCU specifically called for an exemption for credit unions as the industry already complies with the federal GLBA for consumer data security and privacy. The association has also asked the Federal Financial Institutions Examination Council (FFIEC) to provide interagency guidance related to the GLBA to help credit unions and other financial institutions comply with data privacy laws to ensure credit unions are not unnecessarily burdened by conflicting state laws.

In addition to providing the GLBA-exemption, the Virginia legislation requires transparency for how data is collected, used, and shared, as well as the disclosure of certain data held regarding individual consumers upon request.

For entities not covered by the GLBA, such as some credit union service organizations (CUSOs), the law will apply to those that control or process personal data of:

  • at least 100,000 Virginia residents; or
  • 25,000 Virginia residents and derives over 50 percent of gross revenue from the sale of personal data.

Relatedly, President Joe Biden signed a proclamation this week recognizing National Consumer Protection Week.

"My Administration will make it a priority to ensure that companies providing these and other services honor consumer expectations regarding their privacy and their data," Biden's proclamation states. "We will pursue fraudulent actors aggressively, and work to raise the bar on digital security standards as new innovations are introduced…My Administration will make sure that Americans in every community have access to the educational resources they need to make informed choices online – including resources to help them protect their privacy and recognize, avoid, and report fraudulent schemes."

The Federal Trade Commission (FTC) has several resources available to bring awareness to consumer rights and financial literacy. The FTC today is hosting a joint webinar with the CFPB and AARP at 1 p.m. Eastern focused on senior scams and elder fraud abuse, specifically reviewing coronavirus-related and tech-support scams.

NAFCU met with the CFPB’s Office of Older Americans last year to discuss areas where additional resources could benefit members during the pandemic. The Office of Older Americans has published various resources covering a wide-range of topics related to the pandemic, and the Financial Crimes Enforcement Network (FinCEN) continues to keep financial institutions informed of evolving fraud trends.