Client Alert

Effective October 1: Nevada “Do Not Sell” Requirements for Website Operators

23 Sep 2019

In just over a week, on October 1, 2019, key amendments to Nevada’s online privacy law will take effect.[1] We previously detailed the amendments here. In brief:

  • Consumers have the right to opt out of the sale of their personal information. The law gives Nevada consumers the right to request that website operators refrain from a “sale” of their personal information. The right is much narrower than that offered by the California Consumer Privacy Act.[2] Specifically, under the Nevada law, “sale” means the disclosure of covered information for monetary consideration to a recipient that then licenses or resells the information to another person. Transfers to vendors and affiliates are exceptions to the definition.
  • All operators ‑ even those who do not “sell” ‑ must provide a point of contact to receive opt-out requests. Website operators must provide a “designated request address” (by email, online form, or toll-free number) to which Nevada consumers may submit do‑not-sell requests. Importantly, and unlike the CCPA, the law does not distinguish between operators who actually “sell” covered information and those who do not, and thus the Nevada law appears to require that all operators have a designated request address in place, even if they do not sell covered information.
  • Operators must grant verified requests within 60 days. Similar to the CCPA, operators must honor only those requests they can verify. They must act on verified requests within 60 days, with a 30-day extension if such an extension is “reasonably necessary.”

There is no private right of action under the Nevada law. The Attorney General is authorized to enforce the law and may seek civil penalties of up to $5,000 per violation.

[1] The amendments were passed as SB 220, and they amend Nevada’s online privacy law at NRS 603A.

[2] For information about the CCPA, please visit the MoFo CCPA Resources Page. The CCPA becomes operative on January 1, 2020.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.