State Governor signs in new privacy law

UPDATED Nevada residents will now have more control over their digital identity following the passing of a new privacy law prohibiting businesses from selling personal data without consent.

The law, SB-220, was signed by state governor Steve Sisolak on May 29, giving consumers the ability to stop websites and online services from selling on their personal information.

Data governed by the rules includes names, addresses, email addresses, telephone numbers, Social Security numbers, and any other personally identifiable information that’s collected by a for-profit site operator.

“A consumer may, at any time, submit a verified request through a designated request address to an operator directing the operator not to make any sale of any covered information the operator has collected or will collect about the consumer,” the bill, a revision to the Nevada statues on personal information security (603A), reads.

Organizations that fail to respond to a consumer’s opt-out request within 60 days may be fined a maximum $5,000 per violation, with the state attorney general heading the enforcement.

An injunction, either temporary or permanent, is also possible.

Those already compliant to federal privacy legislation such as the Health Insurance Portability Act (HIPAA) or the Financial Modernization Act are exempt from the adhering to the new law.

These organizations will no longer have to provide consumers with privacy policies mandated under Nevada’s existing data protection requirements, according to the bill, which is said to be modelled on California’s Consumer Privacy Act (CCPA).

The CCPA, set to come into effect on January 1, 2020, takes on a wider scope, granting protection for consumers with regards to the collection of personal data as well as processing by third parties, for example.

“This law amends an existing online privacy notice law, is significantly narrower than the California Consumer Privacy Act (CCPA) and was created to work along with Nevada’s existing privacy and security laws and is based in the state’s concerns over the transparency of third-party data sales in the state,” Teresa Troester-Falk, chief global privacy strategist at data protection specialist Nymity, told The Daily Swig.

“The CCPA was the first law that will allow consumers to opt-out of their personal data sold. Although the sale opt-out right sounds familiar to the one in the CCPA, some important definitions in SB-220 significantly limit the scope.”

SB-220 is likely to extend its reach too, once it is implemented on October 1.

This article has been updated to include comments from Teresa Troester-Falk.

RELATED GDPR vs. CCPA: Which goes further to protect personal data?