While California held the collective attention of privacy professionals nationally in preparation for the effective date of the California Consumer Protection Act (CCPA), Nevada has snuck in a privacy law of its own. On October 1, 2019, SB 220 will become effective (which beats the CCPA effective date by three months). Should you turn your attention away from the CCPA and focus on this new Nevada law? What does this mean for your business?
Thankfully, it appears that SB 220 will have a much more limited application and a narrower scope than the CCPA. CCPA compliance should remain your goal! SB 220 is only applicable to businesses which are exchanging the covered information belonging to consumers residing in Nevada for monetary consideration to a person for said person to then license or sell the covered information to additional persons. The Nevada privacy law has similar notice requirements that we have seen in the CCPA and GDPR. Businesses which fall in the very narrow category described above should be prepared to notify Nevada consumers: (1) to whom they are disclosing covered information and (2) exactly what information is being disclosed. Failure to follow this new law could cost your business $5,000 for each violation, and unlike the CCPA, there is no 30-day period to cure any violations. SB 220 also has no private right of action; enforcement comes directly through the Nevada Attorney General.
View entire article here.