The Nevada Privacy Law, first enacted in 2017 and subsequently amended in 2019 and 2021, imposes specific obligations on operators.
This guide provides an overview of the key requirements, definitions, and consumer rights under the Nevada Privacy Law.
Who Does the Law Apply To?
The Nevada Privacy Law applies, among others, to operators, generally persons who own or operate websites or online services for commercial purposes, collect and maintain personally identifiable information from Nevada consumers, and direct their activities toward Nevada.
Consumer Rights Under the Nevada Privacy Law
Right to Opt-Out of Sale: Nevada residents have the right to opt out of the sale of their personal information. Operators must establish a designated request address (e.g., an email address, toll-free number, or online form) for consumers to submit verified requests to opt out. Operators must respond within 60 days (with an optional 30-day extension, if necessary).
Transparency Requirements for Operators
Operators are required to provide a clear and accessible privacy notice on their websites or online services. This notice must include:
- Categories of Information Collected
A list of the types of personal information collected, such as names, addresses, email addresses, and phone numbers.
- Categories of Third Parties
Details about the third parties with whom the information may be shared.
- Consumer Review and Correction Process
Instructions on how consumers can review and request changes to their information.
- Notice of Changes
The process for notifying consumers about material changes to the privacy notice.
- Third-Party Collection
Disclosure if third parties collect consumer information across different websites or online services.
- Effective Date
The effective date of the notice.
Definitions
Understanding the key terms is essential for compliance:
- Covered Information: Personally identifiable information such as names, addresses, email addresses, Social Security numbers, and other identifiers collected by operators.
- Operator: A business that collects personal information through a website or online service and directs its activities toward Nevada residents.
- Data Broker: A business that buys and sells personal information without a direct relationship with the consumer.
- Verified Request: A consumer request to opt out that can be authenticated using commercially reasonable methods.
- Sale: The exchange of covered information for monetary consideration, excluding disclosures for processing purposes, direct relationships, or mergers and acquisitions.
Enforcement and Penalties
Non-compliance with the Nevada Privacy Law may result in civil penalties of up to $5,000 per violation. Authorities may also seek injunctions to prevent further violations.
How to Comply with the Nevada Privacy Law
- Review and Update Privacy Notices: Ensure your website or online service includes all required disclosures.
- Establish a Request Address: Create a dedicated channel for consumers to submit verified opt-out requests.
- Respond to Consumer Requests: Develop processes to authenticate and address requests within the required timeline.
- Monitor Changes to the Law: Stay informed about amendments to maintain compliance.
Why Compliance Matters
Adhering to the Nevada Privacy Law not only avoids penalties but also builds trust with your consumers. Transparency and respect for privacy rights are critical in today’s regulatory landscape.
For more information or assistance in creating compliant privacy policies, visit iubenda’s Privacy Policy Generator.
