Privacy laws

Some help with legal information about GDPR and other privacy laws

Nevada Privacy Law and What It Means for Your Organization

Nevada’s privacy law, Senate Bill 220, went into effect in October of 2019 and protects the internet privacy rights of the citizens of the state. Any organization that processes data related to the state’s citizens needs to follow the guidelines set forth by the legislation.

The law requires that websites include a location where Nevada residents can submit a request that their private information not be sold. The law maintains some similarities with neighboring California’s CCPA, but it doesn’t cover nearly as much ground and doesn’t protect users’ rights to the same extent. It does however offer more protection than the United States Federal Government offers.

The state’s attorney general may impose penalties on organizations that violate any user’s request. This right of the citizens to opt-out is at the heart of the law.

Both the CCPA and Europe’s GDPR remain larger in scope, but we may see more of these privacy regulations from state governments in the United States as time moves on.  

What Organizations Need to Do to Comply with the Nevada Privacy Law

Since the Nevada Privacy Law is narrower in scope than other comparable privacy laws, the organization’s obligations are more limited in scope. Below are some of the requirements for compliance with the Nevada Privacy Law:

  • Create a “Do Not Sell” link for your organization’s website that allows users to opt-out of data collection and advertising cookies.
  • Create an automated fulfillment system for user opt-out requests.
  • Develop unique identifiers such as account numbers or device IDs so that you can track requests and respond to individual users as needed. 

In addition to these basic requirements, organizations that do business in Nevada must have a privacy policy that includes the user’s right to opt-out of selling their data to third parties. They must also include an overview of any data they sell to third parties so that users can make an informed decision on opting out.

The user’s ability to opt-out may come in the form of a toll-free number, and email address, or directly through the website.

What Happens When a User Opts Out of the Sale of Applicable Information?

When a Nevada user opts out of information that is covered within the privacy law, it includes several different types of personal information that they may want to guard.

This includes:

  • First and last name
  • Home or other physical address (including street name, or city or town name)
  • Telephone number (Cell number, or landline)
  • Email address
  • Social security number
  • Any identifying information that allows the user to be contacted either physically or online
  • Information that concerns the user is collected through the website, maintained by the operator, and makes the user personally identifiable

Again, the Nevada attorney general can impose a penalty on organizations found in violation of a user’s request.

When a user opts out of the data sale, it obligates the organization to respond within no later than 60 days. The Nevada privacy law and the ability to opt-out empower users within the state to protect their own privacy and protect their own personal information as they do business online.

The Definition of a Data Sale

If data is exchanged from the operator to a third party for monetary consideration, it’s considered a sale, by the law. In other words, only the sale of this personal information is covered within the confines of the law.

The Difference Between the CCPA and the Nevada Privacy Law 

California’s CCPA is wide in scope and influences the behavior of significant Silicon Valley companies. It gives Californians the ability to request disclosure of the data that companies hold on an individual. It also includes the right to request deletion, as well as the right to opt-out.

Nevada’s law is limited to online and website services, whereas the CCPA covers a broad scope of data collection. The sale of data is defined more narrowly in the Nevada privacy law than with the CCPA, and the users maintain no right of action like they do in California.

In the CCPA, the covered information is any information that relates to the consumer or household. In Nevada, it’s more narrowly defined to a few common pieces of identifiable information.

Nevada’s privacy law is limited to customers and would not include someone who had their data stolen by a website without ever having purchased anything. For a Nevada business to comply, they simply need to update their privacy policy and include the opt-out abilities. Compliance with the CCPA is a more complex endeavor.

The Bottom Line on Nevada’s Privacy Law

While Nevada’s privacy law is a step forward in the data protection of US citizens, it’s not as encompassing as the CCPA or Europe’s GDPR. The right to opt-out only covers limited circumstances, leaving citizens exposed to other risks.

Even still it’s part of a growing trend of new privacy legislation and keeps the momentum flowing when it comes to the protection of citizens. It allows consumers more rights where there otherwise were none.

CookieScript and the Nevada Privacy Law 

It’s important to make sure that your business or organization remains in compliance with the Nevada privacy law, and any other privacy legislation. Our software platform can help you to adjust your tracking policies to comply with any applicable privacy legislation.

We can help you to create the opt-out mechanism within your website, track the responses, and adjust your policies and actions in accordance with customers’ wishes. CookieScript stays up to date and compliant with all different privacy laws, ensuring that your website remains in good standing.

Our software can be integrated into the majority of website building platforms, including WordPress, Wix, Shopify, Squarespace, and more. TCF 2.0 compliance can be activated as a supplement to regular functionality by simply going to Banner Settings > Enable IAB TCF 2.0.

It’s time to make sure that your website is protected and that you are in compliance with all relevant privacy laws, including the Nevada privacy law. Violations are expensive and can jeopardize the future of your business. If you are ready to take the next step, look at our various plans today, and decide what’s right for your business!

Frequently Asked Questions

What is the Nevada privacy law?

The Nevada privacy law is designed to protect the personal data of website users from the state of Nevada. It was enacted in October of 2019 and allows Nevada website users to opt out of the sale of their data.

How do businesses comply with the Nevada privacy law?

The main component of the Nevada privacy law is the requirement that businesses give web users the option to opt-out of the sale of their data. This can be done through the creation of a “Do Not Sell” link on the website that explains the option to users, and an automated fulfillment system for opt-out requests.

What type of data is covered by the Nevada privacy law? 

Some of the information covered by the Nevada privacy law includes name, physical and email addresses, social security numbers, personally identifiable information, or information that allows a user to be contacted.

What constitutes a data sale for the Nevada privacy law?

The Nevada privacy law covers data exchanged in a sale. It defines sales as any data exchanged for monetary consideration. This excludes data that might be obtained or stolen without a monetary transaction.

What is the difference between the Nevada Privacy Law and California CCPA? 

California’s CCPA is significantly broader in scope than the Nevada privacy law. For example, California residents have the right to request disclosure of the data that a company may hold on them. They can also request deletion of this data. This is more than the Nevada law allows.

New to CookieScript?

CookieScript helps to make the website ePrivacy and GDPR compliant.

We have all the necessary tools to comply with the latest privacy policy regulations: third-party script management, consent recording, monthly website scans, automatic cookie categorization, cookie declaration automatic update, translations to 34 languages, and much more.