Nevada joins other states to enhance privacy protections for consumers
The trend of states increasing privacy protections for consumers continues to gain momentum throughout the country. Nevada is the most recent example and enacted new legislation to enhance privacy protections for its residents. This amendment to existing online privacy and data protection laws, Senate Bill 220 (S.B. 220), will be effective on October 1, 2019.
S.B. 220 will require operators of websites and providers of online services that collect certain personally identifiable information to establish a designated request address. Through this address, a consumer may submit a verified request directing the operator or online service provider to not make any “sale” of covered information collected about the consumer. Additionally, website operators and online service providers must respond to a verified opt-out request within 60 days of receipt. S.B. 220 and the
S.B. 220 defines the term “sale” to mean “the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.” This definition limits the application of S.B. 220
S.B. 220 does not apply to financial institutions and affiliates subject to the Gramm-Leach-Biley Act (GLBA), entities subject to the Health Insurance Portability and Accountability Act (HIPAA), manufacturers of motor vehicles, or persons who repair or service motor vehicles.
The Nevada Attorney General has the authority to enforce the provisions of S.B. 220, and, upon finding a violation thereof, a court may issue a temporary or permanent injunction or impose a civil penalty not to exceed $5,000 for each violation. S.B. 220 does not create a private right of action.
Although S.B. 220 has similarities to analogous provisions