Privacy & Information Security Law Blog

On June 2, 2021, Nevada’s governor approved SB 260 (the “Amendment Bill”), which expands on the previously amended Nevada Privacy of Information Collected on the Internet from Consumers Act (the “Act”). Specifically, the Amendment Bill broadens the definition of key terms along with providing several new exemptions.

The term “sale” is redefined as “the exchange of covered information for monetary consideration by an operator or data broker to another person.” This update is significant because the Act had defined “sale” as “the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.” The amended definition removes the limiting phrase “for the person to license or sell the covered information to additional persons.” Under this new definition, more types of activities are covered by the Act.

The Amendment Bill also identifies “data broker(s)” as a new type of entity subject to regulation.  “Data Broker(s)” are defined as “a person whose primary business is purchasing covered information about consumers with whom the person does not have a direct relationship and who reside in this State from operators or other data brokers and making sales of such covered information.” This term coupled with the new definition of “sale” means that, like operators, data brokers will be required to establish a designated request address through which a consumer may submit a verified request directing the data broker not to make any “sale” of covered information collected about the consumer. The data broker must respond to a verified opt-out request within 60 days of receipt.

The Amendment Bill also adds exemptions to the Act, including:

• Consumer reporting agencies, as defined by the Fair Credit Reporting Act (“FCRA”);
• Any personally identifiable information regulated by the FCRA;
• A person who collects, maintains or makes sales of personally identifiable information for the purposes of fraud prevention;
• Any personally identifiable information that is publicly available;
• Any personally identifiable information protected from disclosure under the Driver’s Privacy Protection Act of 1994; and
• Financial institutions or affiliates of financial institutions that are subject to the provisions of the Gramm-Leach-Bliley Act (“GLBA”), or any personally identifiable information regulated by the GLBA.

The Amendment Bill has an effective date of October 1, 2021.