What is the Nevada Privacy Law?
Nevada’s new law, SB-220, which requires website operators to honor opt-out procedures, went into effect October 1, 2019. Nevada’s Senate Bill 220, or “An Act relating to Internet privacy,” requires organizations who run websites that collect and maintain data comply with requirements set by the law.
The main website requirement for organizations is adding “designated request address” where consumers can submit requests for the operator not to sell any of their information. This can either be an electronic mail address, a toll-free telephone number, or a website through which a Nevadan can submit a request.
- Understand what personal information is covered under the law.
- Customize a request form with a “Do Not Sell” link to enable users to opt-out of advertising and data collection cookies on your website.
- Automate the intake and fulfillment of consumers' requests to access or delete their personal information.
- Track do not sell requests by various unique identifiers, such as account number or device ID, and respond within 60 days.
The Nevada Privacy Law applies to an “operator of an Internet website or online service which collects certain items of personally identifiable information about consumers” in Nevada.
How to Comply with SB-220
Nevada consumers will be able to opt-out of the sale of “covered information,” which includes any of the following items collected through a website or online service:
- A first and last name.
- A home or other physical address which includes the name of a street and the name of a city or town.
- An electronic mail (email) address.
- A telephone number.
- A social security number.
- An identifier that allows a specific person to be contacted either physically or online.
- Any other information concerning a person collected from the person through the Internet website or online service of the operator and maintained by the operator in combination with an identifier in a form that makes the information personally identifiable.
If you collect and transfer the personal information of Nevada residents, you may be subject to the the law. Leverage CookiePro’s Opt-Out Builder to create and customize a sleek and actionable “Do Not Sell My Personal Information” link or button for your website.
Nevada’s new law states that organizations within the scope of the law “shall establish a designated request address through which a consumer may submit a verified request.” Tracking requests to opt-out of the sale of personal information via email (e.g. [email protected]) or telephone number is far from scalable.
With CookiePro Consumer Rights Management, your organization can direct consumers to a customizable, branded web form to intake and verify opt-out requests. These requests are funneled into a central queue within CookiePro to streamline request fulfillment.
As is the case under the GDPR and the CCPA, organizations must verify the identity of the consumer before responding to a request.
CookiePro Consumer Rights Management also facilitates this verification when a consumer submits an opt-out request, whether it’s submitting an ID via a secure attachment, two-step email confirmation, or other methods such as requesting a piece of information that only the consumer would know.
The GDPR grants organizations 30 days to respond to consumer’s requests, while the CCPA is more lenient at 45 days. The Nevada law extends this timeline further to 60 days, while also giving organizations the right to a 30-day extension if reasonably necessary. The three laws have different extension regimes and require operators to inform consumers within different time windows.
CookiePro Consumer Rights Management helps you track and prioritize requests based on which law applies. For example, organizations can create distinct workflows based on where the request is coming from and set timelines accordingly. This enables your team to know the number of days left to respond and can help you prioritize incoming requests as well as manage extension notices.