A. The Attorney General shall have exclusive authority to enforce the provisions of this chapter.
B. Prior to initiating any action under this chapter, the Attorney General shall provide a controller or processor 30 days' written notice identifying the specific provisions of this chapter the Attorney General alleges have been or are being violated. If within the 30-day period the controller or processor cures the noticed violation and provides the Attorney General an express written statement that the alleged violations have been cured and that no further violations shall occur, no action shall be initiated against the controller or processor.
C. If a controller or processor continues to violate this chapter following the cure period in subsection B or breaches an express written statement provided to the Attorney General under that subsection, the Attorney General may initiate an action in the name of the Commonwealth and may seek an injunction to restrain any violations of this chapter and civil penalties of up to $7,500 for each violation under this chapter. All civil penalties, expenses, and attorney fees collected pursuant to this chapter shall be paid into the state treasury and credited to the Regulatory, Consumer Advocacy, Litigation, and Enforcement Revolving Trust Fund.
D. The Attorney General may recover reasonable expenses incurred in investigating and preparing the case, including attorney fees, in any action initiated under this chapter.
E. Nothing in this chapter shall be construed as providing the basis for, or be subject to, a private right of action for violations of this chapter or under any other law.
2021, Sp. Sess. I, cc. 35, 36; 2022, cc. 451, 452.
Structure Code of Virginia
Title 59.1 - Trade and Commerce
Chapter 53 - Consumer Data Protection Act
§ 59.1-584. (Effective January 1, 2023) Enforcement; civil penalty; expenses