Citizens of Nevada now have greater say as to how their personal information is used. Senate Bill 220, the Online Privacy Law, went into effect on Oct. 1, 2019. The new law provides consumers more ability to thwart websites from selling their information to third-party firms.
The legislation makes the Silver State the first state after California to pass privacy legislation. But California goes into effect in January 2020. Like the Nevada bill, the California Consumer Privacy Act (CCPA) will bolster privacy rights and consumer protection for California residents. The bill was modeled after the CCPA but is more restrictive in some areas.
Nevada’s new law prohibits an operator of an Internet website or online service that collects certain information from Nevada consumers from making any sale of that information about a consumer if he or she opts out.
Nevada’s privacy law’s definition of “personal information” include an individual’s first and last name, home or other physical address, email address, phone number, social security number, any identifier that allows an individual to be contacted either physically or online, and anything else that can be defined as personal information.
Nevada’s bill amends the state’s existing privacy law and requires an operator to create a designated request web address through which a consumer can submit a verified request directing the operator not to make any sale of covered information collected about the consumer. The term “designated request address” also means an electronic mail address, toll-free telephone number.
The law also requires that an operator respond to a verified request submitted by a consumer pursuant within 60 days of receipt. An operator may extend the response time by an additional 30 days if it determines the extension is “reasonably necessary.” The operator must notify the consumer of an extension.
The Nevada Act exempts financial institutions and healthcare providers subject to GLBA and HIPAA, and third-party businesses that manage websites on behalf of an owner.
If a company fails to comply with the new law, courts can order injunctive relief or impose a civil penalty of up to $5,000 for each violation. However, consumers cannot bring a private action.
The Office of the Nevada Attorney General said in a statement that it “takes every complaint seriously, and we have a track record of enforcing consumer protection and data privacy laws. That will continue.”
It added that it’s encouraged by the companies already taking steps to follow SB220. That, it said, gives “the office the ability to continue working proactively with the business community to ensure compliance and to vigorously enforce consumer protection laws.”
The bill passed the Assembly by a vote of 40-0 and the Senate by a vote of 21-0, and Nevada Governor Steve Sisolak signed Senate Bill 220 into law on May 29, 2019.
