Nevada Privacy PolicyNevada Privacy Policy Website Updates

For those clients that have Privacy Policy Auto-Updates with us, here is a quick updates on what’s happening…Nevada Privacy Policies changes to their law is taking effect on October 1st, 2019. This law requires you to disclose (in your Privacy Policy) if you sell the personal information of Nevada residents. If you do sell this information, you must allow Nevada residents to opt out of such sales. We will be updating your Privacy Policy shortly to ensure that you stay compliant but we need you to answer one question first.

Action Required:

Do you sell the personal information that you collect on your website? Whether or not you sell the data you collect, you need to properly disclose it. Here are the steps you need to follow:

Please note to be compliant, you must update your policies by October 1st to remain compliant!

Not sure what this is all about? Keep reading below…

What is the Nevada Law?

After the passage of the California Consumer Privacy Act (“CCPA”), many other states have been chomping at the bit to enact their own privacy laws or change their existing privacy laws to better protect their citizens. On May 29th, 2019, Nevada became the first state to follow in the footsteps of California by enacting an amendment to its existing privacy law.

Existing Nevada law (Chapter 603A of the Nevada Revised Statutes) requires businesses that collect personal information on their websites to have a Privacy Policy and has a list of items these Privacy Policies have to disclose. The most recent amendment to this law prohibits these businesses from selling the private information of consumers if the consumer opts out of such sales. The amendment also includes a required change to the disclosures found in the Privacy Policy.

The amendment to the Nevada privacy law goes into effect on October 1st, 2019.

Who does it apply to?

Does your business need to comply with the Nevada privacy law?

The Nevada privacy law applies to “operators”, which are defined as any person who meets all of the below:

(a) Owns and operates a website or online service for business purposes;
(b) Collects and maintains the personal information (defined on pg 8) from consumers who reside in Nevada and use or visit the internet website or online service; and
(c) Purposefully directs its activities towards Nevada, consummates a transaction with the state of Nevada or a resident of Nevada, purposefully avails itself of the privilege of conducting activities in Nevada or otherwise engages in any activity that constitutes sufficient nexus with Nevada to satisfy the requirements of the U.S. Constitution.

Examples:

Does your business need to comply with the Nevada privacy law?

The following are examples of some businesses to which the Nevada privacy law would apply:

1. Businesses that advertise their products or services in Nevada (any website using any digital marketing);
2. Businesses that ship their products or services to Nevada (any ecommerce store shipping to Nevada);
3. Businesses that sell their products or services to Nevada citizens (any ecommerce store selling to Nevada citizens).

When does the law not apply?

The Nevada privacy law does not apply to you if you meet all of the following:

(a) You are located in Nevada;
(b) Your revenue is derived primarily from a source other than selling goods, services or credit on your website or online service; and
(c) Your website or online service has less than 20,000 unique visitors per year.

The law also does not apply to you if you are a financial institution that is regulated by the Gramm-Leach Bliley Act, if you are subject to HIPAA or if you manufacture, service or repair motor vehicles.

Finally, the law does not apply to you if you operate, host or manage a website or online service on behalf of a third party. Note that the law would still apply to the third party.

 

What is “personal information”?

Do you collect these types of information from residents of Nevada?

The Nevada privacy law applies to you if you meet the requirements noted earlier and you collect one or more of the following types of information from residents of Nevada via your website or online service:

(a) First and last name;
(b) A home or other physical address that includes the name of a street and the name of a city or town;
(c) E-mail address;
(d) Phone number;
(e) Social security number;
(f) Any identifier that allows a person to be contacted either physically or online;
(g) Any other information collected about a person that, in combination with any of the above, can be used to identify a person.

If the Nevada privacy law applies to you, you are required to have a Privacy Policy.

According to the Nevada privacy law (original text), your Privacy Policy needs to contain the following:

(a) The categories of personal information collected;
(b) The categories of third parties with whom that information is shared;
(c) A description of the process (if such process exists) for the user to review and request changes to his or her personal information;
(d) A description of the process by which you let users know of any changes to your Privacy Policy (if such process exists);
(e) If a third party collects information about the user throughout different websites (e.g. cookies); and
(f) The effective date of the Privacy Policy.

What are the requirements of the amendment?

Are you compliant with the amendment of the law?

The amendment to the Nevada privacy law requires you to establish a designated request address through which a user may submit a request asking you not to sell their personal information.

A designated request address can be an email address, toll-free phone number or website where a consumer can submit the request. This address must be published on your website’s Privacy Policy.

When you receive such a request, you must respond to the request within 60 days of the receipt of the request and must not sell the personal information of that consumer.

The penalty for non-compliance is a maximum of $5,000 per violation.

Compliance checklist

What you need to do to comply with the law

To comply with the Nevada privacy law, you must do the following:

Make sure that you have a Privacy Policy that has all of the required disclosures;
Update your Privacy Policy to disclose whether you sell the personal information of users;
Update your Privacy Policy with the designated address where users from Nevada may opt out of you selling their information (if you do sell it); and
Create standard operating procedures for processing the requests of Nevada residents.

Don’t have the time to update your Privacy Policy every time the laws change?

Sign up for Our Auto-Updating Website Policies today!

We will update your Privacy Policy whenever the laws change, including for the Nevada privacy law.

Future Updates:
While we can’t control what new laws are created, we will certainly remain focused on making these changes as painless and easy for you as possible!

If you have any questions, need help, or would like to get started, please contact Jordan at [email protected] or (785) 236-1777.