Virginia Consumer Data Protection Act (CDPA)

July 1, 2023 is the sunset date for UA or Universal Analytics.

Second in the nation behind California to enact online privacy regulation, Virginia’s new law takes effect on January 1, 2023.

Similar to the law in California that is again similar in itself to the more stringent privacy regulations in the European Union, Virginia has new privacy rules now too.

What does this mean for US and Virginia-based businesses and those selling in Virginia?

First and foremost, if you do not have cookie notifications on your website, now is the time to implement this scripting. There are many online services that provide the scripts to meet the European Unions’ strict rules and can be used to meet both California and Virginia’s regulations. We use cookie-script.com for our privacy adherence needs.

For Virginia businesses and those that do business in Virginia, here’s what you need to know about this recently passed act.

First you must be in compliance by January 1, 2023.

“Virginia’s legislation has a carve-out for information collected in the employment context, whereas California’s law applies to some employment data.” Read the full article.

The CDPA applies to the following business types:

• Those that control or process the personal data of at least 100,000 consumers.

• Those that process the personal data of at least 25,000 consumers and derive more than 50 percent of their gross revenue from selling personal data.

Make sure to check this article for a number of exemptions. Virginia has made its law less stringent than California’s privacy law, but make sure you know what is covered and not covered.

What Are Your Rights in this New Law?

“Virginia’s law was modeled after California’s laws and the European Union General Data Protection Regulation. Virginia’s law provides expansive consumer privacy rights, such as the right to access, right of rectification, right to delete, right to opt out, right of portability and right against automatic decision-making. The act includes a broad definition of “personal information,” a “sensitive data” category, and data-protection assessment requirements for businesses that control the data.”

“Consumers don’t have the right to bring a private lawsuit for violations of the act. Instead, the Virginia attorney general’s office will enforce the law. Entities will have the opportunity to cure violations or face a fine of $7,500 per violation.” Read more.

Most people expect other states to follow with restrictions similar to Virginia’s or California’s.

Our Recommendation

With privacy being in the forefront of everyone’s mind right now, it is time to look at adding a privacy statement and cookie setting acknowledgement script on your website.

When the EU rolled out it’s privacy regulation several years ago, many businesses opted to not update their site for cookie approval as they felt they were exempt (erroneously) by not selling services or products in the European Union. Now with expansion of similar regulations to California and Virginia, it is time to implement technology to be in compliance this year and at the minimum by December 31, 2022.

 

 

How to Move Your Website to SSL

Be in the Know on Microsoft Advertising

Many website owners are getting approached by their hosts to move from http to https. What is important to know is that there is an easy way to do this and a hard way.

Here are my tips to easily move from http to https

Typically I will recommend that you buy your SSL certificate through your web host. Although it may be slightly more expensive, when you use your host’s provider your host is eager to help you set up your SSL cert correctly.

I paid $199 for my SSL certificate which is renewable each year through my web host. Once you have purchase the certificate, your host take over the installation on your server. For most clients this is all that needs to be done. Everything should work yet be under the green padlock and your site should start with https.

I do recommend that if you do move to SSL that you have your webmaster review your website files to assure that there are no hard coded in page links within your website referencing http. If there are, you will want them to change them to https.

Also if you are running WordPress in a directory on your site, you will want to update your logins and locations so that your blog and the blog access control panel are now all https.

Last of all do not forget to update the links in Google Ads. Change your site links and ad URLs to https to complete the project.

One tip, I typically recommend moving to https before you do a website redesign. There is nothing worse than having to troubleshoot server issues for https while you are troubleshooting a new site launch. Don’t do these updates at the same time.

Contact Form Solutions

What to Do With a Contact Form?
What to Do With a Contact Form?

Occasionally we have a client who is using a low-end web host or who is self-hosting and does not have a cgi-bin or scripting enabled in order for us to install a contact form processing script. Sometimes this has lead to expensive programming charges. We do not offer programming and so we have to contract out this portion of a project adding to expenses.

We have found a service that will process the script for you on their servers and so far it looks like a clean and elegant solution to a thorny problem for some clients. You will want to click our post title to review the site MyContactForm.com. With a premium account for $24.99 per year, now any client can have a professional seamless contact form installed on their site without complex programming initiatives. I think that it is a very smart solution.

An Update on the EU’s GDPR for Privacy

An Update on the EU’s GDPR for Privacy
An Update on the EU’s GDPR for Privacy

Since I last wrote about the privacy updates that are mandated by the EU to cover website traffic on American websites by EU nationals, much has happened.

First, clients who thought that they did not want to update their privacy policy or implement cookie approval for website statistic tracking have changed their minds.

Our team has been very busy updating websites to beef up the transparency of the privacy policy, reveal clearly what is being tracked on websites, offering ways to opt out of tracking, and installing cookie approval scripts on websites.

Several clients have shared their thoughts with us on why the sudden change. Some are listed below.

“I do feel lucky about not getting caught, but also want to be safe.”

“I’ve just had a lawyer call me and I feel like I need immediate action on the privacy updates as I don’t want to end up in court on a new matter.”

“I think it is stupid to do, but I am getting inundated with privacy policy updates from everyone that I do business with, that maybe I do need to do something to my website.”

As for me, my perspective is that it is not expensive or hard to do the implementation to be in compliance with the GDPR. I am risk adverse and feel that eventually the US will institute some controls so we will be ahead of the game by changing our own websites now.