Blog details

Internet Privacy Act becomes law in US state of Nevada.

On Oct 1st 2019, Nevada enacted the Senate Bill 220. This bill, also referred to as “An Act relating to internet privacy” came into effect some three months before the much anticipated January 1, 2020 compliance deadline of  California Consumer Protection Act.

According to the bill document, the adopted SB220 prohibit  an operator of an internet website or online service which collects certain information from consumers in the state of Nevada from making any sale of certain information about a consumer if so directed by the consumer. Essentially this bills centres on a consumer’s right to opt-out.

In order to facilitate consumer opt-out, the bill mandates that internet or online service operators establish a designated request address through which a consumer may submit a verified request directing the operator not to make any “sale” of covered information collected about the consumer.

“Sale” is defined by the bill as “the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.”

Meanwhile covered information is expounded to be any data which is gathered and maintained in accessible form by an operator via website of online service including:

1. A first and last name

2. A home or other physical address which includes the name of a street and the name of a city or town

3. An electronic mail address

4. A telephone number

5. A social security number

6. An identifier that allows a specific person to be contacted either physically or online.

7. Any other information concerning a person collected from the person through the Internet website or online service of the operator and maintained by the operator in combination with an identifier in a form that makes the information personally identifiable

Who must comply with  SB220?

The bill establishes operators as a person who:

(a) Owns  or  operates  an  Internet  website  or  online  service  for commercial purposes;

(b) Collects and maintains covered information from consumers  who  reside  in  this  State  and  use  or  visit  the  Internet  website or online service; and

(c)Purposefully    directs    its    activities    toward    this    State, consummates some transaction with this State or a resident thereof, [or] purposefully   avails   itself   of   the   privilege   of   conducting activities in  this  State or  otherwise engages in  any  activity  that constitutes   sufficient   nexus   with   this   State   to   satisfy   the requirements of the United States Constitution.

Consequences of Non compliance with SB220

The bill authorizes the Attorney General to seek a temporary or permanent injunction or a civil penalty not exceeding $5000 for each violation.

Does your company conduct business with residents of Nevada and/or California? Have the necessary steps been taken to ensure compliance including the set up of designated request address? Aphaia provides both GDPR, CCPA and SB220 adaptation services, including data protection impact assessments and Data Protection Officer outsourcing.