Nevada Privacy Law: What is SB220?
Last Updated: March 18, 2020
SB220 is an act in Nevada that outlines how operators of websites can collect and sell data of consumers in Nevada. It went into effect on October 1,2019.
The law exempts healthcare and financial institutions subject to GLBA and HIPAA from having to provide details of the personal information sold or disclosed. The main website requirement for organizations is adding “designated request address” where consumers can submit requests for the operator not to sell any of their information. This can either be an electronic mail address, a toll-free telephone number, or a website through which a Nevadan can submit a request.
SB220 applies to operators, defined in Nevada’s first privacy law, NRS 603A as:
- The owner or operator of a commercial website
- Someone who collected “covered information” and
- Conducts business with consumers in Nevada or
- Has sufficient “nexus” with Nevada, including:
- Having an office in Nevada
- Have goods in storage within Nevada
- Deliver goods to Nevada
Similar to CCPA and GDPR, SB220 has extraterritorial reach to companies outside of Nevada.
CookiePro helps with compliance with SB220 and many other global privacy regulations.