Nevada enacts internet privacy act
Internet Privacy Act becomes law in US state of Nevada.
On Oct 1st 2019, Nevada enacted the Senate Bill 220. This bill, also referred to as “An Act relating to internet privacy” came into effect some three months before the much anticipated January 1, 2020 compliance deadline of California Consumer Protection Act.
According to the bill document, the adopted SB220 prohibit an operator of an internet website or online service which collects certain information from consumers in the state of Nevada from making any sale of certain information about a consumer if so directed by the consumer. Essentially this bills centres on a consumer’s right to opt-out.
In order to facilitate consumer opt-out, the bill mandates that internet or online service operators establish a designated request address through which a consumer may submit a verified request directing the operator not to make any “sale” of covered information collected about the consumer.
“Sale” is defined by the bill as “the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.”
Meanwhile covered information is expounded to be any data which is gathered and maintained in accessible form by an operator via website of online service including:
1. A first and last name
2. A home or other physical address which includes the name of a street and the name of a city or town
3. An electronic mail address
4. A telephone number
5. A social security number
6. An identifier that allows a specific person to be contacted either physically or online.
7. Any other information concerning a person collected from the person through the Internet website or online service of the operator and maintained by the operator in combination with an identifier in a form that makes the information personally identifiable
Who must comply with SB220?
The bill establishes operators as a person who:
(a) Owns or operates an Internet website or online service for commercial purposes;
(b) Collects and maintains covered information from consumers who reside in this State and use or visit the Internet website or online service; and
(c)Purposefully directs its activities toward this State, consummates some transaction with this State or a resident thereof, [or] purposefully avails itself of the privilege of conducting activities in this State or otherwise engages in any activity that constitutes sufficient nexus with this State to satisfy the requirements of the United States Constitution.
Consequences of Non compliance with SB220
The bill authorizes the Attorney General to seek a temporary or permanent injunction or a civil penalty not exceeding $5000 for each violation.
Does your company conduct business with residents of Nevada and/or California? Have the necessary steps been taken to ensure compliance including the set up of designated request address? Aphaia provides both GDPR, CCPA and SB220 adaptation services, including data protection impact assessments and Data Protection Officer outsourcing.
Latest posts by Christine Chrycee Charlemagne (see all)
- The UK’s ICO Publishes Age Appropriate Design Code - January 31, 2020
- Employer/ Employee relations : A GDPR perspective - January 29, 2020
- The ICO has imposed a fine on UK retailer due to poor security safeguards - January 24, 2020