On March 2, 2021, Virginia adopted a comprehensive new law regulating consumer data privacy. The law becomes effective on Jan. 1, 2023 and is the second such state law (California being the other). It appears other states may join VA and CA with European style privacy laws. Most RIAs appear not to be covered but nonetheless need to pay attention to this developing trend. Briefly, VA's law covers entities that (1) Annually control or process personal data of at least 100,000 Virginia residents, or (2) Control or process personal data of at least 25,000 Virginia residents and derive over 50% of gross revenue from the sale of personal data. If your company falls within those parameters, then you need to prepare to comply with GDPR type regulation if you have not done so already. Please click the headline to this blurb to be connected to an excellent Ropes & Gray legal alert on the subject.