Skip to main content

Battle of the Privacy Laws: Understanding Virginia’s New Consumer Data Protection Act and How It Compares to the CCPA/CPRA and the GDPR


Speaker(s): Aaron P. Simpson, Holly A. Brady, Lisa J. Sotto, Robert T. Bohannon
Recorded on: Apr. 22, 2021
PLI Program #: 325914

Aaron Simpson is a partner with Hunton Andrews Kurth. He advises clients on a broad range of complex privacy, data protection and cybersecurity matters, including international and U.S. federal and state privacy and data security requirements. Aaron’s work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements. He has substantial experience advising clients on global privacy compliance programs, and his work includes developing strategies for compliance with the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020. He also has advised numerous clients on the EU General Data Protection Regulation. Additionally, Aaron prepares proactive, data breach-readiness solutions for clients, including through the creation of incident response plans and conducting board-level tabletop exercises. 

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld and The Legal 500 for his work on behalf of clients. Aaron is the only lawyer listed in both The Legal 500 United States and The Legal 500 United Kingdom guides, providing clients with a broad and unique transatlantic perspective on privacy, data protection and cybersecurity matters.

In addition, Aaron is a sought-after media resource on privacy issues and has been quoted in such publications as Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine, The Times and TIME Magazine. He regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars. He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

Aaron received his JD from the University of Virginia School of Law and his BA from the University of Texas, High Honors. He is admitted to practice in New York, and is a Registered Foreign Lawyer of England and Wales.


Holly advises clients on a broad range of complex privacy, cybersecurity and data protection matters, including monitoring and assessing new and emerging requirements across the globe.

As a member of the firm’s top-ranked privacy and cybersecurity practice, Holly assists clients in identifying, evaluating and managing global privacy and information security risks and compliance issues. Holly works with clients to address privacy and data protection issues and manage data breaches and cybersecurity incidents.

Prior to joining the firm, Holly managed the data privacy program at a Fortune 500 company, where she advised on data privacy compliance and risk management for the company’s US and international operations. In this role, Holly was in charge of privacy program design, policy development, training and awareness, and risk assessments. Holly also advised the company’s chief information security officer on matters relating to cybersecurity and technology, including cybersecurity governance and incident response.

Holly also has extensive experience negotiating and documenting information technology and business process outsourcing transactions, as well as handling general commercial contracting matters. She frequently speaks before industry groups, legal organizations and educational institutions at conferences, seminars and other events. She also is adjunct professor of cybersecurity law at William & Mary School of Law, where she enjoys teaching the next generation of cybersecurity lawyers.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). More recently, Lisa and her team have assisted more than 100 clients in developing strategies for complying with the California Consumer Privacy Act of 2018, and the California Privacy Rights Act of 2020.

Lisa also provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 1,900 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events. Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.


Robb has more than 10 years of experience representing companies and trade associations in the health care, entertainment, and high tech industries in federal and state politics.

Throughout his career, Robb has worked on legislative and regulatory matters across the country related to health and wellness, economic development, First Amendment protections, e-commerce, retail and privacy. He has substantial experience working with governors and state attorneys general offices, building consensus on political and legislative issues, as well as securing support for amicus briefs.

Robb supports clients on a variety of measures including drafting legislation, testifying before legislative committees and subcommittees, lobbying state and federal legislators, developing and implementing legislative strategies, developing and administering clients’ political action committees, and developing and implementing grassroots and grasstops strategies on local, state and national levels.