The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Nevada's New Consumer Privacy Law Goes Into Effect

by Chris Brook on Monday October 7, 2019

Contact Us
Free Demo
Chat

Nevada's new privacy law requires websites to post a privacy notice and allow consumers to opt out of the sale of their personal data.

As scheduled, the Nevada State Privacy law went into effect last week, giving residents in the state more control over how their personal data is used and an added layer of compliance for companies who collect and maintain the personal data of citizens in the state.

The law, which went into effect on October 1, three months before the California Consumer Privacy Act’s compliance deadline, January 1, 2020.

While the law allows consumers to opt out of the sale of their personal information, data like their name, home address, email and phone number, it's worth highlighting that the Nevada law, Senate Bill 220, is far less stringent than the CCPA.

To reiterate, the following types of companies need to comply with the law:

Companies that:

• Own or operate an Internet website or online service for commercial purposes;
• Collect and maintain covered information from consumers who reside in Nevada and use or visit the Internet website or online service; and
• Purposefully directs its activities toward this State, consummates some transaction with this State or a resident thereof, [or] purposefully avails itself of the privilege of conducting activities in this State

To meet the law’s minimum compliance bar, companies need to post a privacy notice on its website, designate a way for consumers to opt-out, reasonably authenticate the identity of the consumer to verify requests, respond and comply with consumer opt out of sales request.

The business-friendly law gives companies 60 days to respond to a consumer’s request to opt-out, a number that can be extended by an extra 30 days if reasonably necessary.

Still, it’s important for companies to be able to keep stock of their data, either via mapping software, or through another form of inventory in order to understand what data, if any, is being sold to third parties.

Technically, in Nevada's law, money and data more or less needs to exchange hands. The state classifies sales as  exchanges of personal information for monetary consideration by the online operator to a person for the person to license or sell the personal information to additional persons. This differs from the CCPA, in which just the disclosure of data can be a sale.

As reported earlier this summer, for companies that fail to comply with the law, the Nevada Attorney General could impose an injunction or civil penalty of $5,000 for each violation.

Tags: Government, Data Privacy

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • The Five Stages of Threat Hunting
  • A Proactive Approach to Threat Hunting
  • Expert Tips

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.