DATA PRIVACY FOR NEVADA EMPLOYERS
Employers must be wary of a wide array of laws and regulations when it comes to dealing with private information of employees and customers. To avoid legal exposure, organizations must comply with obligations in each state and country in which it operates.
Laws on Privacy
While Nevada employers may have to comply with several privacy laws, such as Europe’s General Data Protection Regulation and the California Consumer Privacy Act, Nevada has its own statutory requirements. Nevada’s privacy statute, codified in NRS 603A, applies to “operators,” which are defined as any person who:
- Owns and operates a website for business purposes;
- Collects and maintains the personal information from consumers who reside in Nevada and use or visit the website; and
- Purposefully directs its activities towards Nevada, consummates a transaction with the State of Nevada or a resident of Nevada, purposefully avails itself of the privilege of conducting activities in Nevada or otherwise engages in any activity that constitutes sufficient nexus with Nevada to satisfy the requirements of the U.S. Constitution.
Not all Nevada businesses are subject to the state’s privacy laws. NRS 603A does not apply if an organization meets the following three criteria:
- the organization is located in Nevada;
- revenue is derived primarily from a source other than selling goods, services or credit on the company’s website; and
- the website has less than 20,000 unique visitors per year.
The law also does not apply to financial institutions that are regulated by the Gramm-Leach Bliley Act, companies that are subject to HIPAA, or if an organization manufactures, services or repairs motor vehicles. In addition, the law does not apply to persons who do not collect, maintain, or sell covered information.
What is Personally Identifiable Information in Nevada?
Nevada’s privacy laws apply to websites that collect personally identifiable information (“PII”). Nevada defines PII as a natural person’s first name or first initial and last name in combination with one or more of the following identifiers, when the name and identifiers are not encrypted:
- Social Security Number;
- Driver’s license number or identification card number;
- Account number, credit card number, debit card number, in combination with any required security code, access code, or password that would permit access to that person’s financial account.
- The categories of PII collected;
- The categories of third parties with whom that PII is shared;
- A description of the process (if such process exists) for the user to review and request changes to his or her PII;
- Whether or not you sell the PII of Nevada consumers;
- A designated request address at which Nevada consumers can submit a request asking you not to sell their PII;
- If a third party collects information about the user throughout different websites (cookies); and
The state’s Attorney General’s office enforces this privacy law and can impose penalties of up to $5,000 per violation. “Per violation” can refer to each website visitor whose privacy rights were infringed upon. Accordingly, the statutory penalties for such violations can accrue very quickly.
Join Our Mailing List
Sign up here to receive monthly email updates on the latest NAE news, HR issues, special events, training dates and more!