Health

Virginia passes broad reproductive and sexual health data privacy law

Wednesday, 30 April 2025 12:08AM UTC

Signed into law by Governor Glenn Youngkin in March 2024, Virginia's Senate Bill 754 introduces comprehensive privacy regulations for reproductive and sexual health information across a wide range of business sectors, extending beyond traditional healthcare and affecting retail, marketing, and employment wellness programs. The new rules require explicit opt-in consent for data collection and impose significant enforcement measures, with the law coming into force from July 2025.

In March 2024, Virginia Governor Glenn Youngkin signed Senate Bill 754 (SB 754), introducing a new privacy regulation affecting a broad array of businesses beyond traditional healthcare sectors. The legislation amends the Virginia Consumer Protection Act to impose strict obligations on suppliers who obtain or share "reproductive or sexual health information" in connection with consumer transactions. The law is set to take effect from July 1, 2025, with enforcement mechanisms including state action and a private right of action.

SB 754's scope is notably broad, defining "reproductive or sexual health information" expansively. This encompasses data relating to an individual's past, present, or future reproductive or sexual health and includes specific categories such as efforts to obtain reproductive or sexual health services or supplies, reproductive health conditions (like pregnancy, menstruation, ovulation, and sexual activity status), related surgeries and procedures (including pregnancy termination), use or purchase of contraceptives and abortifacients, bodily functions and symptoms related to menstruation or pregnancy, and any derived or algorithmic data extrapolated from non-health information.

The legislation reaches beyond healthcare providers and medical products to cover commercial transaction data, such as the purchase of contraceptives, menstrual products, and over-the-counter pain relief medications. It also includes geolocation data that could indicate attempts to access reproductive health services, such as visiting reproductive health clinics or locations associated with these products, as well as browsing behaviour and marketing data. Employee-related data connected to wellness initiatives and fertility treatments may also fall under the law’s ambit.

Under SB 754, suppliers—defined broadly to include sellers, lessors, licensors, manufacturers, and distributors involved in consumer transactions primarily for personal, family, or household use—are required to obtain explicit opt-in consent before collecting, disclosing, selling, or disseminating personally identifiable reproductive or sexual health information. This requirement applies even when such data processing is necessary for delivering the requested product or service. The standard for consent mirrors that of the Virginia Consumer Data Protection Act (VCDPA) enacted in 2021, demanding a clear, affirmative, specific, informed, and unambiguous opt-in.

Notably, the legislation does not clarify what constitutes "personally identifiable" information, leaving companies without a definitive standard for de-identification to avoid compliance. Moreover, except for exemptions pertaining to data protected under HIPAA, the confidentiality rules under 42 CFR Part 2 for substance use disorders, and Virginia’s health records privacy law, SB 754 imposes obligations without entity-level or threshold exemptions. This means non-healthcare businesses and non-resident companies conducting consumer transactions in Virginia may fall within the new regulatory framework.

The law contemplates substantial enforcement provisions. Individuals who suffer losses due to violations can seek actual damages, with willful breaches subject to treble damages, alongside reasonable attorneys’ fees and court costs. The Virginia Attorney General’s Office is empowered to pursue injunctions and civil penalties against violators.

Meghan O’Connor of Quarles, writing in Corporate Compliance Insights, highlighted that the law "will require significant technical and operational compliance steps for companies doing business in Virginia," pointing out the challenges companies face in implementing the necessary opt-in consent processes across diverse types of transactions.

With just over a year until the law takes effect, businesses involved in retail, marketing, data analytics, and even employment-related wellness programs must urgently assess the impact of SB 754 to prepare for compliance by the July 2025 enforcement deadline.

Source: Noah Wire Services

More on this

https://www.jdsupra.com/legalnews/heightened-protection-of-reproductive-3842140/ - This article discusses the enactment of Virginia Senate Bill 754, which amends the Virginia Consumer Protection Act to prohibit obtaining, disclosing, selling, or disseminating personally identifiable reproductive or sexual health information without consumer consent. It also highlights the broad definition of 'reproductive or sexual health information' and the private right of action available under the law.
https://www.jdsupra.com/legalnews/virginia-enacts-new-broad-consent-9891880/ - This article provides an overview of Virginia's new law requiring broad consent for the collection of reproductive and sexual health information. It details the affirmative consent requirement, the broad scope of the law, and the potential implications for businesses operating in Virginia.
https://www.quarles.com/newsroom/publications/virginias-new-sweeping-reproductive-and-sexual-health-privacy-law-may-affect-all-companies-doing-business-in-the-state - This publication discusses the significant compliance steps required for companies doing business in Virginia due to the enactment of Senate Bill 754. It emphasizes the broad definition of 'reproductive or sexual health information' and the requirement for explicit opt-in consent before collecting, disclosing, selling, or disseminating such information.
https://www.royalexaminer.com/youngkin-signs-bill-to-protect-reproductive-and-sexual-health-data-vetoes-right-to-contraception/ - This article reports on Governor Glenn Youngkin signing Senate Bill 754, which protects reproductive health data, including information collected in period tracking digital apps, and allows consumers to sue if their data is sold or released without their consent.
https://www.apnews.com/article/1e191ba19ac6a8688de7bb972270f9de - This news article covers Governor Youngkin's signing of Senate Bill 754, which prohibits the issuance of search warrants, subpoenas, or court orders for electronic or digital menstrual health data, aiming to protect women's privacy and prevent such information from being used in potential prosecutions.
https://www.vadogwood.com/2024/08/12/new-virginia-law-prevents-law-enforcement-from-accessing-period-tracker-data/ - This article discusses a new Virginia law that went into effect on July 1, 2024, preventing law enforcement from accessing period tracker data, thereby protecting the privacy of individuals who use smartphone apps to track their menstrual cycles.
https://news.google.com/rss/articles/CBMirAFBVV95cUxOcTVoZzlHWUdTV2llTTVUblVrMllLSThxdWVOdlJtYjRteGRFay1sWUhfVjNPUG14VkpSZTdmNHg5X0Z5U0RmYmhFWTVjN1lUd1lzT1cxU1gxeXZoS25jeWRjVS1kTEpnb2lDOFYtQ1BoRl9zWWVyU1U3V2gycnRobFpqVTRIVjdaMEVZRkV3cHJWR3gzWTNiZlZnR3ZFNGxxYmdEOHJNTWFlNkx0?oc=5&hl=en-US&gl=US&ceid=US:en - Please view link - unable to able to access data

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 9

Notes: The narrative references current legislation with a future enforcement date, indicating that the information is relatively fresh and relevant.

Quotes check

Score: 8

Notes: There are direct quotes from Meghan O’Connor, but without a specific source date or original publication context, it's challenging to fully verify their origin.

Source reliability

Score: 6

Notes: The narrative does not explicitly originate from a well-known publication, but it presents detailed legal information suggesting a level of expertise or research.

Plausability check

Score: 9

Notes: The claims about Senate Bill 754 seem plausible, given the context of ongoing legislative changes and privacy regulations. However, specific aspects like enforcement mechanisms may require further verification.

Overall assessment

Verdict (FAIL, OPEN, PASS): PASS

Confidence (LOW, MEDIUM, HIGH): HIGH

Summary: The narrative appears to be largely accurate, discussing recent and upcoming legislative changes in Virginia. While the source of the narrative is not explicitly stated, the legal details are well-researched, and the information is timely.

Virginia
SB 754
data privacy
health information
consumer protection