HB638 VA introduced

Data brokers; regulation, civil penalties.

privacy

Plain-English summary

1. **ONE-SENTENCE SUMMARY:** This bill regulates data brokers in Virginia, prohibiting fraudulent acquisition and use of personal information while requiring them to implement security measures and register annually.

2. **KEY REQUIREMENTS:**
   - Do not acquire or use personal information through fraudulent means.
   - Avoid using personal information for stalking, harassment, fraud, or unlawful discrimination.
   - Develop and maintain a comprehensive information security program.
   - Register annually with the Secretary of the Commonwealth starting December 1, 2027.

3. **DEADLINES:**
   - Effective Date: July 1, 2027.
   - Registration Deadline: December 1, 2027, and annually thereafter.

4. **PENALTIES:**
   - Violations are considered prohibited practices under the Virginia Consumer Protection Act, which can lead to civil penalties.

5. **SMB IMPACT:** Small businesses that act as data brokers will need to invest in security measures and ensure compliance with registration requirements, which may require additional resources and planning. Non-compliance could result in legal penalties that could impact their operations.

Source description

Regulation of data brokers; civil penalties. Prohibits a person from acquiring personally identifiable information, defined in the bill, through fraudulent means or acquiring and using such information for the purpose of (i) stalking or harassing another person; (ii) committing a fraud, including identity theft, financial fraud, or email fraud; or (iii) engaging in unlawful discrimination, including employment discrimination or housing discrimination. The bill requires a data broker, defined in the bill, to develop, implement, and maintain a comprehensive information security program that includes certain features and technical elements. The bill also requires a data broker operating in the Commonwealth, beginning on December 1, 2027, and annually thereafter, to register with the Secretary of the Commonwealth. The bill provides that a violation of its provisions constitutes a prohibited practice under the Virginia Consumer Protection Act. The bill has a delayed effective date of July 1, 2027.

Not legal advice. Summaries are generated by AI from publicly available bill text and may contain errors or omissions. Always consult counsel before making compliance decisions.