VA HB954 | 2020 | Regular Session


Spectrum: Partisan Bill (Democrat 1-0)
Status: Introduced on January 7 2020 - 25% progression
Action: 2020-01-27 - Continued to 2021 in Communications, Technology and Innovation by voice vote
Pending: House Communications, Technology and Innovation Committee
Text: Latest bill text (Prefiled) [HTML]


Cybersecurity; care and disposal of customer records; security for connected devices. Requires any business to take all reasonable steps to dispose of, or arrange for the disposal of, customer records within its custody or control containing personal information when the records are no longer to be retained by the business by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or indecipherable. The measure requires any business that owns, licenses, or maintains personal information about a customer to implement and maintain reasonable security procedures and practices appropriate to the nature of the information in order to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. A violation of these requirements constitutes a prohibited practice under the Virginia Consumer Protection Act. The measure also requires a manufacturer of a device or other physical object that is capable of connecting directly or indirectly to the Internet to (i) equip the device with reasonable security features, (ii) demonstrate conformity with industry standards for cybersecurity and resiliency, (iii) provide an opt-in forum or registration capability to allow consumers to know when a vulnerability or breach is discovered, (iv) make patch notification and end-of-life support events easily obtainable by registered users of the manufacturer's connected devices, and (v) when it is aware of existing vulnerabilities that put more than 500 users at risk, notify the office of the Chief Information Officer of the Commonwealth and provide remediation steps to consumers without unreasonable delay. The bill has a delayed effective date of January 1, 2021.

Tracking Information

Register now for our free OneVote public service or GAITS Professional trial account and you can begin tracking this and other legislation, all driven by the real-time data of the LegiScan API. Providing tools allowing you to research pending legislation, stay informed with email alerts, content feeds, and share dynamic reports. Use our new PolitiCorps to join with friends and collegaues to monitor & discuss bills through the process.

Monitor Legislation or view this same bill number from multiple sessions or take advantage of our national legislative search.


Cybersecurity; care and disposal of customer records, security for connected devices.



2020-01-27HouseContinued to 2021 in Communications, Technology and Innovation by voice vote
2020-01-07HouseReferred to Committee on Communications, Technology and Innovation
2020-01-07HousePrefiled and ordered printed; offered 01/08/20 20100251D

Code Citations

ChapterArticleSectionCitation TypeStatute Text
591200(n/a)See Bill Text
591443.4(n/a)See Bill Text
591444(n/a)See Bill Text
591444.10(n/a)See Bill Text
591444.4(n/a)See Bill Text

Virginia State Sources

Bill Comments