Key Point: Although not as far-reaching as the CCPA, the Nevada legislation will require entities subject to the statute to revise their online privacy notices and create an internal process to ensure compliance with the new opt-out right.
As we previously reported, the Nevada legislature has been considering legislation to amend Nevada’s existing online privacy notice statutes, NRS 603A.300 to .360. On May 23, 2019, the Nevada Assembly unanimously passed that legislation. The Senate previously passed it in April. The legislation is now headed to the Governor’s office for signature.
The legislation amends Nevada’s law in two notable ways. First, entities subject to the statute will need to establish a designated request address through which consumers can submit verified requests directing the entity not to make any “sale” of covered information collected about consumers. That provision will be enforceable only by the Nevada Attorney General’s office which can seek an injunction or $5,000 penalty for “each violation.” Second, the legislation excludes financial institutions subject to the Gramm-Leach-Bliley Act, HIPAA covered entities, and certain motor vehicle manufacturers from having to comply with the online privacy notice statute.