Nevada’s Privacy Law Granting Opt-Out Rights Is First Out of the Gate
Tuesday, June 11, 2019
Nevada’s Privacy Law Granting Opt-Out Rights
Print Mail Download i

On May 29, 2019, Nevada Governor Steve Sisolak signed into law SB 220, which amends Nevada’s security and privacy law to require an operator of a website or online service for commercial purposes to permit consumers to opt-out of the sale of any covered personally identifiable information that the operator has collected or will collect about the consumer. The law becomes effective October 1, 2019, several months before the California Consumer Privacy Act’s (CCPA) effective date of January 1, 2020, and is therefore set to become the first of its kind to be implemented in the U.S.

The new law is narrower in scope than the California Consumer Privacy Act (“CCPA”). “Operator” excludes an entity subject to HIPAA. The definition of “sale” is limited to “the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.” Further, the definition of sale excludes the disclosure of covered information by the operator to a person:

  • who processes the covered information on behalf of the operator,

  • has a direct relationship with the consumer,

  • processes the data for purposes that are consistent with the reasonable expectations of the consumer considering the context in which the consumer provided the covered information,

  • who is an affiliate, or

  • if the transfer is part of a merger, acquisition, or bankruptcy.

Under the new law, operators that collect and maintain covered information from Nevada-resident consumers must provide and monitor “an electronic mail address, toll-free telephone number, or Internet website” through which a consumer may opt-out of the sale of his or her personal information. After receiving such a “verified request,” an operator may not sell any covered information it has collected or will collect about that consumer. Operators must respond to verified requests within 60 days unless an additional 30 day extension to implement the request is reasonably necessary and the consumer is notified.

The new law does not change the definition of “covered information,” nor does it restrict operators from disclosing covered information to third parties so long as the purposes for such disclosures “are consistent with the reasonable expectations of a consumer considering the context in which the consumer provided the covered information to the operator.”

While the existing law contains a requirement that operators provide a notice that, among other things, identifies the categories of covered information that is collected and with whom it is shared, the notice is not as specific as the notice requirement in the CCPA. In addition, the Nevada law does not allow for consumers to either access their data or request that data be deleted.

Finally, unlike the CCPA, which exempts certain data that is regulated by other laws, such as the Gramm Leach Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and the Fair Credit Reporting Act, the Nevada law exempts from the definition of “operators” certain entities, such as financial institution or affiliates that are subject to GLBA and entities that are subject to HIPAA. In addition, there is a special exemption related to motor vehicle manufacturers in connection with a subscription for a technology or service related to the vehicle.

Compliance with the Nevada law may be made easier for those businesses that are working toward compliance with the CCPA.

© 2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.

Current Legal Analysis

More from Faegre Drinker

SCOTUS Denies Certiorari in Cases Concerning FCA Liability Requirement, Objective Falsity Circuit Split Remains Intact
by: Commercial Litigation Practice Group
Groundbreaking Fourth Circuit Decision Upholds Private Plaintiff’s Successful Effort to Unwind a Consummated Merger
by: Kathy L. Osborn , Emily E. Chow
Travel Bans and Quarantine Hotels: Traveling to the U.K. During COVID-19
by: Hodon Anastasi
TCPA Plaintiff Argues he wasn’t Injured in Attempt to Dodge Federal Jurisdiction
by: Marsha J. Indych , Renée M. Dudek
Silver Lining: COVID-19 Engagements Allow More Time for Premarital Financial Planning
by: Jaime A. Quick
Biden EPA Makes First Moves to Address PFAS in Drinking Water
by: Bonnie Allyn Barnett , Brandon W. Kirkham
Predicting the Enforcement Priorities of the Biden DOJ
by: Thomas J. Kelly , Daniel E. Pulliam
New York City Council Imposes Stricter Discipline Requirements on Fast Food Employers
by: Gerald T. Hathaway
Disclosure of Binding Arbitration Not Required In Consumer Warranties, Says Florida Supreme Court
by: Traci T. McKee , Lexi C. Fuson
FCC Order Causes Confusion Regarding Consent Required for Informational Calls to Residential Landlines
by: Matthew M. Morrissey

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins