While businesses prepare to comply with the California Consumer Privacy Act (CCPA), Nevada has followed California’s lead and has amended its law to provide consumers with the right to opt-out of the “sale” of their personal information by website operators.

The amendment, SB 220, will take effect October 1, 2019, three months before the effective date of the CCPA. Accordingly, nationwide website operators focusing on CCPA compliance now will also need to make changes to their posted privacy notices and internal procedures to comply with the Nevada law by October.

Under the new law, covered operators must provide consumers with notice of a designated email, toll-free phone, or website address to submit opt-out requests. Operators will have 60 days to respond to “verified requests” to opt-out. The legislation defines a “verified request” as a request for which “an operator can reasonably verify the authenticity of the request and the identity of the consumer using commercially reasonable means,” but does not define what constitutes “commercially reasonable means.”

While the opt-out concept is similar to the heart of CCPA, Nevada’s definition of a “sale” is narrower than under CCPA. Nevada’s definition is limited to “the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons,” whereas CCPA’s definition extends to the sharing of personal information for non-monetary consideration (“other valuable consideration”).

The Nevada law also differs from CCPA by employing a narrower definition of personal information than under CCPA.

The Nevada law also includes a number of exemptions from its definition of covered “operators” who: (1) own or operate a website or online service for commercial purposes; (2) collect and maintain Nevada residents’ personally identifiable information; and (3) purposefully direct their activities toward Nevada. The exemptions include financial institutions subject to the provisions of the Gramm-Leach-Bliley Act, health care providers (and related entities) subject to HIPAA, manufacturers and servicers of motor vehicles, and third-party service providers supporting the business of an “operator.” Penalties include injunctive relief or up to $5,000 per violation, enforceable by the State Attorney General’s Office.

For guidance on U.S. privacy compliance or more information about Nevada’s new law, please contact the authors identified below, or your Greenberg Traurig attorney.

For more information on the California Consumer Privacy Act, click here.

Print:
EmailTweetLikeLinkedIn
Photo of Gretchen A. Ramos Gretchen A. Ramos

Gretchen A. Ramos is Co-Chair of the Data, Privacy & Cybersecurity Practice and focuses her practice on privacy, cybersecurity, and information management. A creative problem-solver with a long track record of success in commercial disputes, she never loses sight of the simple fact…

Gretchen A. Ramos is Co-Chair of the Data, Privacy & Cybersecurity Practice and focuses her practice on privacy, cybersecurity, and information management. A creative problem-solver with a long track record of success in commercial disputes, she never loses sight of the simple fact that she works in a service industry. Clients appreciate not only her legal skills, but also her direct, no-nonsense approach to client service, including her bullet-pointed emails, snapshot executive summaries, and creativity in finding ways to streamline communications for in-house counsel with dozens of other projects—and little time—on their hands.

Gretchen’s clients come from diverse industries, including technology (SaaS), health care and life sciences, consumer products, manufacturing, academic institutions, and non-profits. She provides clients with practical business advice on compliance with state and federal U.S. laws, GDPR, APEC, and other global privacy laws in relation to their external and internal privacy and security procedures, product and app development, and advertising practices. Gretchen also regularly drafts and negotiates contracts concerning data-related vendors, assists clients in assessing privacy risks in corporate transactions, and provides guidance on and conducts privacy and security assessments. She has managed dozens of data breaches, and helps clients prepare for and immediately respond to security incidents and breaches.

Photo of Ed Chansky Ed Chansky

Ed Chansky focuses his practice in the areas of intellectual property (particularly development, selection, protection and licensing of trademarks worldwide) and advertising, sales promotion, and trade-regulation law, including charitable promotions, cause-related marketing, sweepstakes, contests, gift cards, eCommerce, substantiation of advertising claims, social gaming,

Ed Chansky focuses his practice in the areas of intellectual property (particularly development, selection, protection and licensing of trademarks worldwide) and advertising, sales promotion, and trade-regulation law, including charitable promotions, cause-related marketing, sweepstakes, contests, gift cards, eCommerce, substantiation of advertising claims, social gaming, social media, and all aspects of unfair or deceptive trade practices in a wide variety of industries.

A trusted advisor to many national companies, Ed is a frequent speaker at seminars and conferences on advertising and promotion law topics, including sweepstakes, premium production, coupon and rebate offers, charitable promotions, social gaming, and social media, and has helped shape state legislation affecting sales promotion matters. He also works with clients on a wide range of contract and licensing matters, including agency-client agreements in the advertising and sales promotion industries, software and website development, privacy policies and terms of use, and other matters affecting intellectual property, marketing and electronic commerce. For many years, he worked as a part-time musician (trombone) playing everything from grand opera to rhythm and blues.