July 21, 2019

July 19, 2019

Subscribe to Latest Legal News and Analysis

Nevada Accelerates Privacy Compliance Timeline with Senate Bill 220

While privacy experts were quietly toiling away, aiming for a January 1, 2020 CCPA compliance deadline, Nevada legislators passed a law that will force many companies to put into place opt-out procedures three months earlier than they had anticipated.

Senate Bill 220 will require operators of commercial websites or online services that collect and maintain covered information to honor opt-out requests by Nevada consumers. Below is a high-level overview of SB 220.

When will SB 220 become effective?

October 1, 2019

Who is subject to SB 220?

Operators.

An “operator” means a person who (i) owns or operates an Internet website or online service for commercial purposes; (ii) collects and maintains covered information from consumers who reside in Nevada and use or visit the website or online service; and (iii) purposefully directs its activities towards Nevada, consummates transactions with Nevada residents, avails itself of the privileges of conducting activities in Nevada, or otherwise engages in any activity that constitutes sufficient nexus with Nevada to satisfy the US Constitution.

What information is protected?

Covered information.

Covered information means:

  • first and last name,

  • physical address,

  • email address,

  • phone number,

  • social security number,

  • identifier that allows a specific person to be contacted either physically or online, or

  • any other information concerning a person in combination with an identifier that makes the information personally identifiable.

What obligations will operators have?

  • Operators that receive a verified opt-out request from a consumer are prohibited from selling any covered information to data brokers.

  • Operators must establish a designated request address through which a consumer may submit an opt-out request.

What steps should my company take between now and October 1, 2019?

  • Determine whether SB 220 applies to you.

  • Know and map your data: What specific pieces of personal information do you collect? Do you sell it? Do you plan to sell it?

  • Update your privacy policy to provide consumers your designated request address.

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.

TRENDING LEGAL ANALYSIS


About this Author

Theodore Claypoole, Intellectual Property Attorney, Womble Carlyle, private sector lawyer, data breach legal counsel, software development law
Senior Partner

As a Partner of the Firm’s Intellectual Property Practice Group, Ted leads the firm’s IP Transaction Team, as well as data breach incident response teams in the public and private sectors. Ted addressed information security risk management, and cross-border data transfer issue, including those involving the European Union and the Data Protection Safe Harbor. He also negotiates and prepares business process outsourcing, distribution, branding, software development, hosted application and electronic commerce agreements for all types of companies.

...

704-331-4910
Tom Kierner Lawyer Womble Bond Dickinson Atlanta Fintech IP Data Privacy Payment Systems
Associate

Tom Kierner is a transactional attorney with a background in payment systems and financial regulations.  He is a member of the firm’s FinTech and IP Transaction teams in Atlanta.

Tom advises his clients on the dynamic regulatory and legal landscape for FinTech and payments companies. He also assists his clients in negotiating and drafting agreements with banks, processors, and other service providers.

He has experience handling data privacy matters on behalf of clients, including managing data breach responses. He also has experience responding to inquiries and enforcement actions brought by state and federal agencies, including the Consumer Financial Protection Bureau (CFPB), various state attorneys general, and state banking divisions.  

As former in-house counsel at two financial services companies, Tom provided regulatory guidance to his clients to maintain compliance with state and federal requirements, including advising on planned advertising and promotional activities to ensure compliance with consumer and privacy laws.  He also oversaw his clients’ consumer arbitration process, successfully disposing of the majority of arbitration demands outside the costly arbitration process, and managed a portfolio of state money transmitter licenses, including reporting and responses to regulatory inquiries.  

Tom is a Certified Information Privacy Professional (CIPP/US).  

404-888-7409