Reminder: Deadline for Nevada Privacy Compliance is October 1st!

As CCPA compliance continues to take center stage in privacy related headlines, this is a reminder that Nevada’s new sale opt-out requirements become effective on October 1, 2019, giving businesses a little over a week to ensure compliance. As previously discussed in this blog, Nevada will require certain website operators to provide a right to opt-out of the sale of their “covered information.” The term “sale” is defined more narrowly than in CCPA and is limited to exchanges where monetary consideration is paid and the recipient of the information will further sell or license the information. Also unlike CCPA, Nevada requires operators to offer this opt-out right whether or not they are currently engaged in the sale of covered information (and, if not, apply the opt-out to any future sale).

Businesses should do two things as soon as possible. First, analyze data sharing practices to determine whether any of them amount to a “sale” under Nevada’s law. Remember that while the “sale” definition provides a seemingly broad carve out for data transfers where the recipient will not further sell or license the data, there may be unexpected situations where third parties are actually providing a subsequent license to that data. Therefore, contracts may need to be reviewed in order to confirm. Second, create a mechanism for users to opt-out of current or future sales depending on the results of the analysis (e.g., an email address to intake requests) and update your privacy policy to provide notice of this opt-out procedure.