Nevada
Privacy Laws
Overview
BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay
FINES & PENALTIES – Violations
Attorney Gen. may bring action
Regulation Levels
-
Breach Reporting
-
Consumer Notification
-
Vendor Management
-
Vendor Contract Required
PRIVACY AND SECURITY LAWS
Laws related to personal information and privacy and security.
Breach Reporting
Required
Vendor Obligations
Required
Consumer Notification
Required
Vendor Contracts
Required
Vendor Notification
Required
Privacy Program
Required
QUICK FACTS
Nevada Privacy Law Information
An organization that maintains records with personal information must implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification or disclosure. If measures are not taken, the organization may be held liable for damages related to the breach. Organizations must contract with Vendors to whom the Organization discloses personal information. Operators of Internet websites or online services and data brokers who collect personal information from consumers in Nevada must provide consumers the right to opt-out of the sale of their personal information and must implement processes to support this option.
If breach notification is required to more than 1,000 persons, it must also be reported, without unreasonable delay, to specified consumer reporting agencies.
If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
Vendors must notify Organizations upon discovery of a breach or suspected breach. The Organization is responsible for submitting any required regulatory reporting and consumer notifications. Vendors must have measures in place to protect personal information from unauthorized access, acquisition, destruction, use, modification or disclosure. Vendors who are businesses operating in Nevada must have measures in place for the destruction of records containing personal information so the records are unreadable or undecipherable.
Organizations may be fined or penalized for Vendor violations. Nevada State Attorney General may bring an action to obtain a temporary or permanent injunction for violation of the ‘Security of Personal Information’ laws. An organization may be liable for damages if it cannot prove compliance with the breach, notification, and data protection laws. A data collector that must send breach notifications may commence an action for all damages from whomever illegally accessed their records and may be rewarded restitution.
Nevada Statutes and Laws
“Breach of the security of the system data” defined
Destruction of certain records
Security measures
Security measures for data collector that accepts payment card; use of encryption; liability for damages; applicability
Alternative methods of and technologies for encryption
Disclosure of breach of security of system data; methods of disclosure
Notice regarding privacy of information collected on internet from consumers
Civil action
Restitution
Injunction
Information security and privacy policy, VII. Breaches in security
DISCLAIMER
The information provided is not legal guidance or recommendations and are for informational purposes only.