Website Operators In or Targeting Nevada, You Have Privacy Policies To Implement by October 1, 2017
- Jodka, Sara H. Krieger, John L.
- Industry Alerts
As of October 1, 2017, Nevada will join California and Delaware to require the operators of certain websites and online services to post a notice on their website informing users about their privacy practices. The law, which will amend Nevada’s Security of Personal Information statute (NRS 603A – Security of Personal Information), will exclude in-state entities that derive revenue primarily from sources other than online sales and have fewer than 20,000 unique visitors per year. Under the law, five categories of information are expressly mandated to be in the notice. Specifically, the notice must:
- Identify the categories of “covered information” collected through the website and the categories of third parties with whom that information may be shared;
- Describe the process, if any, by which users may review and request changes to covered information collected through the website;
- Disclose whether third parties may collect information about users’ online activities from the website;
- Provide an effective date of the notice; and
- Describe how the website operator will notify consumers of material changes to the notices required to be made under the new law.
For purposes of this law, “covered information” includes:
- A first and last name;
- A home or other physical address that includes the name of a street and the name of a city or town;
- An electronic mail address;
- A telephone number;
- A social security number;
- An identifier that allows a specific person to be contacted either physically or online; and
- Any other information concerning a person collected from the person through the website or online service in combination with any identifier in a form that makes the information personally identifiable.
Once the law is enacted, the Nevada Attorney General will have the power to issue temporary or permanent injunctions and to assess penalties of up to $5,000 per violation to enforce compliance. The law does not establish a private cause of action, which means no individual website users can sue an entity for violating the law, but it also does not preempt any other remedies provided by law.
If you have any questions about the applicability of the law to your website or online services, or need your privacy policy updated and revised in line with the law, please contact one of our data privacy and cybersecurity attorneys.
This client alert is published by Dickinson Wright PLLC to inform our clients and friends of important developments in the field of data privacy and cybersecurity law. The content is informational only and does not constitute legal or professional advice. We encourage you to consult a Dickinson Wright attorney if you have specific questions or concerns relating to any of the topics covered in here.
FOR MORE INFORMATION CONTACT:
Sara H. Jodka is Of Counsel in Dickinson Wright’s Columbus office. She can be reached at 614.744.2943 or sjodka@dickinsonwright.com.
Justin L. Root is Of Counsel in Dickinson Wright’s Columbus office. He can be reached at 614.591.5465 or jroot@dickinsonwright.com.
John L. Krieger is a Member in Dickinson Wright’s Las Vegas office. He can be reached at 702.550.4439 or jkrieger@dickinsonwright.com.
For a printable version of this cybersecurity alert, click here.
Related Services
Contacts
Recent Insights
- Webinars A Step-by-Step Guide Through California's (and now Nevada's) Consumer Privacy Acts
- Industry Alerts The Times They Are A-Changin’: More States and Cities Move Ahead of the Courts by Prohibiting the Use of Prior Salary Information in Hiring
- Industry Alerts Ohio’s Minimum Wage Set to Rise January 1, 2017 and Mandatory Poster
- January 13, 2021 In the News Sara Jodka Earns CIPP/E Certification from the International Association of Privacy Professionals
- November 23, 2020 Industry Alerts Canadian Data Privacy Laws Are Changing. Is Your Business Ready to Keep Up?
- November 13, 2020 Industry Alerts While the Nation Focused on the Presidential Race, California Expanded Its Privacy Laws and “Yes” Non-California Businesses Are Likely Impacted
- April 2020 Industry Alerts COVID-19 Poses Increased Cybersecurity Risks to Employers and Businesses
- March 11, 2020 Media Mentions Sara Jodka Quoted by The Journal of Cyber Policy on Cyberinsecurity
- February 2020 Media Mentions Sara Jodka Discusses Facebook’s Argument Against the California Consumer Privacy Act with Consumer Affairs