As discussed in our previous blog post on the topic, Nevada’s amendments to its privacy law are set to go into effect Oct. 1, 2019. Less comprehensive in scope than the much-heralded CCPA, the Nevada privacy law amendment has received significantly less attention than its California counterpart. Even so, the new Nevada privacy law presents its own compliance challenges that companies shouldn’t overlook in the CCPA compliance scramble.
To see a countdown clock and find resources on how to prepare for Nevada’s SB 220 and the CCPA, see our U.S. Consumer Privacy Resource Center.
Inconsistencies and Compliance Challenges
The amended Nevada privacy law establishes a requirement that “operators” of internet websites or online services set up a procedure whereby Nevada residents are given the opportunity to opt out of data sales. Specifically, organizations must establish a “designated request address”—which can be a toll-free phone number, email address, or internet website—where Nevada residents may submit requests to opt out of data sales. Companies must cease the sale of a Nevada resident’s data upon receipt of a “verified request,” defined as a “request submitted by a consumer … for which an operator can reasonably verify the authenticity of the request and the identity of the consumer using commercially reasonable means.”