Nevada SB 220 provides consumers the right to opt out of the sale of their personal information. It is narrower than comprehensive laws like the CCPA.
Nevada Privacy & Accessibility Laws
Nevada was one of the first states to enact consumer privacy legislation with SB 220, which became effective October 1, 2019. While not as comprehensive as the CCPA, Nevada's law provides consumers with the right to opt out of the sale of their personal information. Nevada state agencies must ensure their digital services are accessible to individuals with disabilities.
→
Privacy Law Status
SB 220 (Opt-Out Law)
→
Accessibility Requirements
State Government Websites
Nevada state agencies must ensure websites and digital services are accessible under ADA Title II and state IT policies.
Nevada Privacy Law (SB 220)
Nevada SB 220 was one of the earliest state privacy laws in the nation, predating the CCPA's effective date.
Key Dates
- Enacted: May 29, 2019
- Effective Date: October 1, 2019
- Amended: 2021 (expanded definition of "sale")
Who Must Comply?
Nevada SB 220 applies to:
| Category | Description |
|---|---|
| Operators | Websites or online services that collect and maintain covered information from Nevada consumers |
| Data Brokers | Businesses primarily engaged in collecting and selling personal information (registration required) |
Consumer Rights Under SB 220
| Right | Description |
|---|---|
| Right to Opt-Out | Consumers can submit verified requests directing operators not to sell their covered information |
| Response Requirement | Operators must respond to opt-out requests within 60 days (may extend 30 days) |
Key Differences from Comprehensive Laws
Nevada SB 220 is more limited than comprehensive privacy laws like the CCPA:
- Only provides an opt-out right (no access, deletion, or correction rights)
- Narrower definition of "sale" (though expanded in 2021)
- Applies to "operators" rather than broad categories of businesses
- No data minimization or purpose limitation requirements
Data Broker Registration
Nevada requires data brokers to register with the state:
- Annual registration with the Secretary of State
- Registration fee: $295
- Must maintain opt-out mechanism for consumers
- Failure to register: $50 per day penalty
Data Breach Notification
| Requirement | Details |
|---|---|
| Notification Timeline | As soon as reasonably practicable |
| Covered Data | Name plus SSN, driver's license, financial account, or medical information |
| Method | Written notice or electronic notice if consistent with E-SIGN Act |
Accessibility Requirements
Nevada government agencies must ensure digital accessibility for all residents:
State Government Obligations
- Nevada state agencies must comply with ADA Title II for all public-facing digital content
- Division of Enterprise Information Technology Services provides accessibility guidance
- State websites must follow WCAG 2.1 Level AA guidelines
- Educational institutions must ensure accessible digital learning materials
- Gaming Commission websites must be accessible due to high public usage
Private Sector Considerations
- Businesses with physical locations in Nevada are subject to ADA Title III
- Gaming and hospitality industry has high visibility for accessibility
- Website accessibility claims can be brought under federal ADA
- Healthcare providers must ensure accessible patient portals
Enforcement
→
Privacy Enforcement
- Nevada Attorney General - Enforcement authority for SB 220
- 60-day response period - Operators have 60 days to respond to opt-out requests
- No private right of action - Only AG can enforce
Contact:
Office of the Attorney General
Bureau of Consumer Protection
555 E. Washington Avenue, Suite 3900
Las Vegas, NV 89101
(702) 486-3132
→
Accessibility Enforcement
- U.S. Department of Justice - ADA Title II and III enforcement
- Nevada Equal Rights Commission - State disability discrimination
- Private litigation - Federal ADA claims
Contact:
Nevada Disability Advocacy & Law Center
2820 W. Charleston Blvd., Suite 11
Las Vegas, NV 89102
(702) 257-8150
SB 220 Penalties
| Violation Type | Maximum Penalty |
|---|---|
| Per violation | $5,000 per violation |
| Injunctive relief | Court may order compliance |
| Data broker non-registration | $50 per day |
Business Obligations
| Obligation | Description |
|---|---|
| Privacy Notice | Post notice identifying categories of covered information collected and third parties with whom it may be shared |
| Opt-Out Mechanism | Provide designated request address for consumers to submit opt-out requests |
| Request Response | Respond to verified opt-out requests within 60 days (may extend 30 days) |
| Data Broker Registration | Register annually if operating as a data broker in Nevada |
| Breach Notification | Notify affected individuals as soon as reasonably practicable |
Consumer Rights
Nevada residents have the following privacy rights:
- Right to Opt-Out: Direct operators not to sell covered personal information
- Verified Requests: Submit verified requests using designated address
- Response Guarantee: Receive response within 60-90 days
- Breach Notification: Right to timely notice of data breaches
- Data Broker Transparency: Access to list of registered data brokers
- Credit Freeze: Right to place security freezes on credit reports
Comprehensive Law Consideration
Nevada legislators have considered more comprehensive privacy legislation in recent sessions. Businesses should monitor legislative developments for potential expansion of consumer rights beyond the current opt-out framework.
Related Resources
- US Privacy Laws Overview
- ADA Title II Requirements
- ADA Title III for Businesses
- All State Laws
- Privacy Compliance Guide
- Report a Violation
Need Help with Nevada Compliance?
Nevada SB 220 has been in effect since October 2019. Businesses must provide opt-out mechanisms and data brokers must register. Contact our experts for guidance on meeting your obligations.