Advertising Law Tool Kit - Tenth Edition | 2022

56 / Venable Privacy and Data Security – State Privacy Laws (CCPA, CPRA, CPA, and VDCPA) In 2021, Virginia passed the Virginia Consumer Data Protection Act (VDCPA), and Colorado Passed the Colorado Privacy Act (CPA), both of which take effect in 2023, and with other states considering similar legislation, it is critical that organizations take these initial steps toward compliance: • Assess your data collection and use practices. • Create or update your data map. • Conduct a gap analysis to identify whether your policies and practices meet the requirements of the CCPA, which takes effect on January 1, 2023, with an enforcement start date of July 1, 2023; but note that its new requirements will apply to personal information collected on or after January 1, 2022. • Do the same for the CPRA, the VDCPA (effective January 1, 2023), and the CPA, which takes effect on July 1, 2023. • Develop a compliance road map based on gaps identified. • Review your privacy policy to meet the requirements of the CCPA. Create internal policies to document your compliance processes, including service provider agreements required under the CCPA. • Conduct employee training and raise awareness of the CCPA in your company. • Keep a close eye on ongoing rulemaking for the CCPA, the development of a new enforcement agency under the CPRA, and developments in Congress and in other states. Companies that have prepared to comply with the European Union’s General Data Protection Regulation (GDPR) have an advantage when it comes to CCPA compliance, but there is more work to be done. We are experienced with guiding clients through both regimes.