On May 29, 2019, Nevada adopted Senate Bill No. 220 emulating portions of the California Consumer Protection Act (“CCPA”) with respect to permitting individuals to opt out of the sale of their personal information. While Nevada may be the second state to pass legislation on the sale of personal information, its bill will be the first to go into force. SB 220 goes into effect October 1, 2019,1 before the CCPA’s current compliance deadline of January 1, 2020.
Although Senate Bill No. 220 incorporates the CCPA’s concept of permitting consumers to object to the sale of their information, it does not adopt any other concepts from the CCPA. In addition, it avoids many of the drafting errors and ambiguities of the CCPA, as well as the business impracticalities of the CCPA by:
SB 220 expressly states that it does not provide for a private right of action. Enforcement rests exclusively with the attorney general. If the attorney general believes that an operator has violated SB 220, the attorney general may institute appropriate legal proceedings. Available remedies include (1) issuance of a temporary or permanent injunction, or (2) the imposition of a civil penalty of no more than $5,000 per violation.
While it remains to be seen whether any other states will pass new privacy legislation this year, and what the effective date of any such legislation would be, SB 220 advances the deadline for implementation of at least one part of a US compliance program by three months.
1. SB 220 does not proscribe an effective date. Pursuant to Nevada law, in the absence of an effective date, a bill will automatically become effective on October 1 of the year in which the bill is passed.
2. CCPA § 1798.140(o)(1).
3. CCPA § 1798.140(t)(1).