This bill regulates data brokers, prohibiting the acquisition of personal data for purposes such as stalking, harassment, fraud, or discrimination, and requires security measures with specific features and annual registration starting December 1, 2027. The provisions take effect on July 1, 2027.
If you operate as a data broker in Virginia, you must register annually and maintain a security program by December 1, 2027, or face penalties.
What do these statuses mean? ▼
Affected Industries
Topics How we classify →
What This Means
Virginia's HB638 aims to regulate data brokers by prohibiting the acquisition of personally identifiable information for purposes like stalking, harassment, committing fraud, or engaging in unlawful discrimination, and mandating comprehensive security programs with certain features and technical elements. The provisions take effect on July 1, 2027, with registration starting December 1, 2027.
Key Provisions
- Prohibits acquiring personally identifiable information for purposes such as stalking, harassment, committing fraud, or engaging in unlawful discrimination.
- Requires data brokers to implement a comprehensive information security program with certain features and technical elements.
- Mandates annual registration with the Secretary of the Commonwealth starting December 1, 2027.
- Defines 'data broker'.
- Establishes penalties for violations under the Virginia Consumer Protection Act, effective July 1, 2027.
Latest Legislative Action
Continued to next session in Communications, Technology and Innovation (Voice Vote)
Bill Sponsors (showing 5 of 10)
| Name | Role |
|---|---|
| Betsy B. Carr D | Primary |
| Chris L. Hurst | Primary |
| Christopher E. Collins | Primary |
| Michelle Lopes Maldonado D | Primary |
| Richard C. "Rip" Sullivan, Jr. | Primary |
Compliance Checklist
Who: Data brokers operating in Virginia.
Deadline: By December 1, 2027.
Penalty: Potential civil penalties under the Virginia Consumer Protection Act.
Who: Data brokers operating in Virginia.
Deadline: Starting December 1, 2027.
Penalty: Enforcement actions by the Attorney General for non-compliance.
Full Legal Analysis
Official Source
Related Topics
Affected Industries
More Virginia AI Legislation
More Virginia AI Laws
Browse all published AI bills and regulations for Virginia.