Home > Media Room > Primer On Virginia's Data Breach Law: Part One

Primer On Virginia's Data Breach Law: Part One

Imagine that your laptop is stolen.  Since you conduct all your business on it, you struggle to remember the last time you backed up your data, and agonize at the prospect of rebuilding weeks, months, and possibly years of files.  As you contemplate the recovery of your business data, you should also think about whether your laptop stored personal information of employees or clients.  If so, you may have to notify them of the theft.

Virginia, like almost all states, has enacted legislation requiring persons or entities to notify impacted parties of a “breach of the security of [a] system.”  Such a breach occurs where there is “unauthorized access and acquisition of unencrypted and unredacted computerized data that compromises the security or confidentiality of personal information maintained by an individual or entity as part of a database of personal information regarding multiple individuals,” and which causes (or is reasonably believed to have caused) identity theft or fraud to a Virginia resident.  “Personal information” is a Virginia resident’s “first name or first initial and last name in combination with and linked to” that resident’s social security number, driver’s license number or state ID card number, or financial data, where those data elements are neither redacted nor encrypted.

So if you determine that the stolen laptop has resulted in the breach of the security of a system, what are the next steps you should take?  

READ: Part II, Part III


You must read and accept these terms in order to send us email.

Use of this website for communication does not constitute or create an attorney-client relationship for any legal matter for which we do not already represent you. Please do not send any confidential or privileged information electronically via this website unless we have already agreed to represent you.

If you send us information electronically via this website, you agree that our review of that information, even if you submitted it in a good faith effort to retain us, and, further, even if it is highly confidential, does not preclude us from representing another client directly adverse to you, even in a matter where that information could and will be used against you.