Bloomberg: Dinsmore's Matt Diaz Speaks on Data Privacy Law Compliance

May 3, 2021Quotes & Mentions
Bloomberg Law

Bloomberg Law published an article this week on Virginia’s recently enacted consumer privacy law and how lawyers are helping their clients brace for compliance under the new regulations. Dinsmore cybersecurity and data privacy attorney Matt Diaz wrote about the new law when it was passed, and he spoke with Bloomberg for the story. An excerpt is below.

Virginia’s recently enacted consumer privacy law means businesses need to kickstart compliance preparation now to avoid regulatory scrutiny once the law takes effect in January 2023.

Companies should craft data processing agreements and hammer out an appeals process for consumer information requests since those are likely to be time-consuming. But they should also evaluate how new California Privacy Rights Act compliance requirements can be rolled in alongside Virginia preparation to minimize time and resource use, attorneys say.


Data processing agreements will take time because companies may work with hundreds of vendors, said Matt Diaz, a cybersecurity and data privacy attorney at Dinsmore &Shohl LLP in Columbus, Ohio.

Those agreements—contracts between a company and its vendors—spell out acceptable practices, including how long data will be retained. Even a company with an existing vendor contract will have to update it or change some provisions during renewal, and that takes time, Diaz said.

“For me, this is a high priority, and when you’re onboarding new vendors, you need to make sure these are part of the package of documents that vendors must execute on,” Diaz said.

Click here to read the full article.