November 26, 2022

Volume XII, Number 330


November 23, 2022

Subscribe to Latest Legal News and Analysis

Website Operators In or Targeting Nevada, You Have Privacy Policies to Implement By October 1, 2017

As of October 1, 2017, Nevada will join California and Delaware to require the operators of certain websites and online services to post a notice on their website informing users about their privacy practices. The law, which will amend Nevada’s Security of Personal Information statute (NRS 603A – Security of Personal Information), will exclude in-state entities that derive revenue primarily from sources other than online sales and have fewer than 20,000 unique visitors per year. Under the law, five categories of information are expressly mandated to be in the notice. Specifically, the notice must:

  1. Identify the categories of “covered information” collected through the website and the categories of third parties with whom that information may be shared;

  2. Describe the process, if any, by which users may review and request changes to covered information collected through the website;

  3. Disclose whether third parties may collect information about users’ online activities from the website;

  4. Provide an effective date of the notice; and

  5. Describe how the website operator will notify consumers of material changes to the notices required to be made under the new law.

For purposes of this law, “covered information” includes:

  1. A first and last name;

  2. A home or other physical address that includes the name of a street and the name of a city or town;

  3. An electronic mail address;

  4. A telephone number;

  5. A social security number;

  6. An identifier that allows a specific person to be contacted either physically or online; and

  7. Any other information concerning a person collected from the person through the website or online service in combination with any identifier in a form that makes the information personally identifiable.

Once the law is enacted, the Nevada Attorney General will have the power to issue temporary or permanent injunctions and to assess penalties of up to $5,000 per violation to enforce compliance. The law does not establish a private cause of action, which means no individual website users can sue an entity for violating the law, but it also does not preempt any other remedies provided by law.

© Copyright 2022 Dickinson Wright PLLCNational Law Review, Volume VII, Number 212

About this Author

Sara H. Jodka, Dickinson Wright, largescale layoffs lawyer, employment reductions attorney
Of Counsel

Sara H. Jodka, Of Counsel at Dickinson Wright, dedicates her practice to working with employers to anticipate, identify, and resolve labor and employment, data privacy, related compliance issues and litigation risks in today’s ever evolving workplace. Sara devotes a significant part of her practice to proactively counseling employers in litigation prevention and overall compliance with state, federal, and administrative laws and regulations, which includes reviewing and revising employee handbooks and policies; counseling management regarding termination decisions (...

Justin Root, Dickinson Wright Law Firm, Cybersecurity and Information Privacy Attorney
Of Counsel

Clients with cybersecurity and information privacy concerns and challenges hire Justin for his experienced, tenacious, and thorough approach to data privacy and navigating an incident response. Justin’s breadth of experience, which includes service as a Special Deputy United States Marshal on the Federal Bureau of Investigation’s Cybercrime Task Force, is ever-present in his calming and clear analysis and strategic assessments of and approaches to cybersecurity and data privacy issues. As a result, Justin’s solutions-oriented approach reflects an appreciation for and is...