Meghan O’Connor Insight Included in Privacy Daily Article on Virginia’s New Reproductive Data Privacy Law

Media Mention

Meghan O’Connor, co-chair of the Quarles & Brady Data Privacy & Security team, was quoted in a Privacy Daily article about a new Virginia reproductive data privacy law that goes into effect July 1.

The new law, which amends the Virginia Consumer Protection Act (VCPA), presents an array of notable compliance challenges for many companies, including a higher consent standard. O’Connor addressed some of the implications of the new law for Virginia companies.

An excerpt:

Quarles attorney Meghan O’Connor said the VCPA “allows for broad attorney general enforcement authority and … a private right of action for mere non-compliance.” As a result, she argued, “We may see broader enforcement authority, litigation, and -- because of the lack of threshold requirements like VCDPA -- a large scope of regulated entities.”

In other ways, however, the reproductive health privacy law applies to a wider range of companies than Virginia’s comprehensive privacy law.

It “applies broadly to business-to-business and consumer-facing businesses that meet the definition of ‘supplier’ under the [VCPA],” said O’Connor. The VCDPA, by contrast, doesn’t cover B2B. “The definition is broad enough to capture entities doing business in Virginia and non-resident companies that engage in consumer transactions in Virginia,” added the Quarles lawyer. Also, it lacks threshold requirements on revenue or how much data is processed.

In addition, “reproductive or sexual health information” under the new law “includes very broad swaths of data that could include commercial transaction data” for things like menstrual products and over-the-counter pain relievers for menstrual cramps, browsing behavior and purchase data, said O’Connor. It may also include geolocation data collected in a non-healthcare setting if it might show “an attempt to acquire reproductive or sexual health services or supplies,” said the attorney: Many organizations may not think of the above as health care data.

Resources

Originally published in Privacy Daily, April 16, 2025 (Subscription required.)

Follow Quarles

Subscribe Media Contact
Back to Main Content

We use cookies to provide you with the best user experience on our website and to analyze statistics related to our website. To understand more about how we use cookies, or for instructions to change your preference and browser settings, please see our Privacy Notice. Please note that if you choose to reject cookies, doing so may impair some of our website's functionality.