NT Analyzer Navigates Virginia’s New Privacy Law

Virginia recently enacted its own data protection/privacy law and like its European and Californian predecessors, the technical piece is key.

Requirements

Like the GDPR and CCPA, the Consumer Data Protection Act (“CDPA”), which goes into effect on January 1, 2023, broadly defines “personal data” as “any information that is linked or reasonably linkable to an identified or identifiable natural person.” The law also requires controllers to conduct a data protection assessment and implement technical data security practices.

In additional to traditional personal data, CDPA’s “personal data” can include – at a technical level:

Device identifiers
Advertising identifiers
Cookies
Geolocation
Telcom-related IDs (e.g, SIM card serial number)
IP address
In-range WiFi BSSIDs (i.e., hardware addresses for in-range local networks and connected devices)
In-range WiFi SSIDs (i.e., network names for in-range local networks)
Social network IDs (e.g., Facebook’s ‘c_user’ value).

Since the vast majority of this data comes from a consumer’s device, and not an organization’s own data centers, organizations are largely blind to the collection and sharing of this personal data (despite being legally responsible for the data).

NT Analyzer’s CDPA Solution

Like our existing CCPA solution, our CDPA solution enables organizations to determine the full scope of data sharing and collection associated with their apps, websites, and IoT. The new module aligns with the CDPA’s law requirements and nuances.

For example, it categorizes parties and personal data through the lens of the CDPA, allowing organizations to determine if: (1) the data collected qualifies as “personal data” (including “sensitive data”) under the law (both traditional and technical data); (2) the receiving party qualifies as a “third party” or “processor”; and/or if the “personal data” shared qualifies as ‘targeting advertising” and/or a “sale” under the law.

Importantly, since the CDPA requires controllers to conduct a data protection assessment and implement technical security practices, the module also informs organizations if certain privacy policy disclosures need to be made, if agreements need to be put in place, and/or if the data in-transit is adequately protected (e.g., encrypted).

Legal compliance requires a technical solution and as laws like the CDPA continue to come to light, it is important organizations have a technical solution in their tool belts to ensure proper compliance. This will help them keep their consumers’ trust, as well as avoid PR and legal exposure.

For more information on the general legal backdrop of the CDPA, please read the Data Protection Report’s article.

Cookie	Type	Duration	Description
CONSENT	local	Persistent cookie	GDPR consent view status id
cookielawinfo-checkbox-advertisement	local	Persistent cookie	This cookie is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category Advertisement.
cookielawinfo-checkbox-analytics	local	Persistent cookie	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category ''Analytics''.
cookielawinfo-checkbox-necessary	local	Persistent cookie	This cookie is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category ''Strictly Necessary''.
cookielawinfo-checkbox-performance	local	Persistent cookie	This cookie is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category Performance.
viewed_cookie_policy	local	Persistent cookie	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Type	Duration	Description
guest_id	Twitter	Persistent cookie	This cookie is set due to Twitter integration and sharing capabilities for the social media.
personalization_id	Twitter	Persistent cookie	This cookie is set due to Twitter integration and sharing capabilities for the social media.
VISITOR_INFO1_LIVE	Youtube.com	Persistent cookie	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website. Further Information: Click here for YouTube video player cookie policy: https://policies.google.com/privacy?hl=en (Google's standard terms).
YSC	Youtube.com	Persistent cookie	This cookie is set by Youtube and is used to track the views of embedded videos. Further Information: Click here for YouTube video player cookie policy: https://policies.google.com/privacy?hl=en (Google's standard terms).

Cookie	Type	Duration	Description
_ga	Google Analytics	Persistent cookie	These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve our site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from, and the pages they visited. Further Information: Click here for Google’s privacy policy in respect of Google Analytics: http://www.google.com/analytics/learn/privacy.html You may opt out of tracking by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout?hl=en-GB.
_gat_UA-162883444-1	Google Analytics	Persistent cookie	These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve our site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from, and the pages they visited. Further Information: Click here for Google’s privacy policy in respect of Google Analytics http://www.google.com/analytics/learn/privacy.html You may opt out of tracking by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout?hl=en-GB.
_gcl_au	Google Analytics	Persistent cookie	These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve our site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from, and the pages they visited. Further Information: Click here for Google’s privacy policy in respect of Google Analytics : http://www.google.com/analytics/learn/privacy.html You may opt out of tracking by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout?hl=en-GB.
_gid	Google Analytics	Persistent cookie	These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve our site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from, and the pages they visited. Further Information: Click here for Google’s privacy policy in respect of Google Analytics: http://www.google.com/analytics/learn/privacy.html You may opt out of tracking by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout?hl=en-GB.

NT Analyzer Navigates Virginia’s New Privacy Law

Requirements

NT Analyzer’s CDPA Solution

Request a Demo

Author Steven Roosa