Glossary

    V

    A B C D E F G H I L M N O P R S U V W

    Virginia Consumer Data Protection Act (VCDPA)

    • Description: A Virginia state law that establishes a framework for controlling and processing personal data, granting consumers rights over their data and imposing responsibilities on businesses.
    • Enacted and Enforced: Enacted in 2021; enforced by the Virginia Attorney General.
    • Impacts Data Types: Personal data, sensitive data, consumer information.
    • Examples: Consumer rights to access, correct, delete, and opt-out of data processing.
    • Potential Fines: Civil penalties up to $7,500 per violation.

    Vendor Risk Management

    • Description: The process of identifying, assessing, and controlling risks associated with third-party vendors and service providers, especially those who have access to sensitive data or systems.
    • Enacted and Enforced: Driven by industry standards and regulatory requirements (e.g., GLBA, HIPAA, GDPR); enforced through contractual obligations and audits.
    • Impacts Data Types: Any data shared with or processed by vendors, including PII, PHI, financial data.
    • Examples: Vendor due diligence, security questionnaires, ongoing monitoring, contract clauses for data protection.
    • Potential Fines: Fines and penalties for data breaches or non-compliance, dependent on applicable regulation.
    A B C D E F G H I L M N O P R S U V W