Article by Meghan O’Connor About New Reproductive Health Privacy Law Published by Corporate Compliance Insights
Meghan O’Connor, a Quarles & Brady partner in the Health & Life Sciences Practice Group and co-chair of the firm’s Data Privacy & Security team, wrote an article, published by Corporate Compliance Insights, about a new Virginia reproductive or sexual health privacy law that takes effect July 1.
The law, which amends the Virginia Consumer Protection Act and places stricter requirements — including explicit opt-in consent — on how reproductive or sexual health information is handled, will require significant compliance steps by companies doing business in Virginia and is not limited to traditional health care companies.
O’Connor explains in the article how the law’s definition of applicable information has broader reach and what it means for impacted companies. An excerpt:
As drafted, this definition is broad enough to include data collected by companies that are not traditionally part of “reproductive or sexual health” product or service delivery:
- Commercial transaction data, e.g., purchase of condoms and other contraceptives, menstrual products or over-the-counter pain relievers for cramps.
- Geolocation data collected in a non-healthcare setting if the data could indicate an attempt to acquire reproductive or sexual health services or supplies, e.g., location near a reproductive health clinic and geolocation data used by brick-and-mortar stores to provide pick up for a prescription or OTC supplies.
- Browsing behavior and purchase data and any subsequent use of such data for marketing.
- Employment applications and certain employee data regarding wellness initiatives and fertility treatments.
…
Under the Virginia law, any person who suffers a loss as a result of a violation shall be entitled to actual damages (with willful violations leading to treble damages) and reasonable attorneys’ fees and court costs. The Virginia Attorney General’s Office may also sue to enjoin violations and recover civil penalties for willful violations.
SB 754 will go into effect July 1, which leaves little time for entities to analyze applicability and prepare technical and operational opt-in consent processes for the wide variety of transactions that may be caught in SB 754’s compliance scope.