What is the Nevada Privacy Law?
Nevada has marked itself as a pioneer by following California’s footsteps and becoming the second state to approve new privacy laws aimed at protecting the consumers information. The new legislation requires owners and operators of internet websites as well as online commercial providers to allow consumers the right to opt-out of the sale of their personal information.
Since no specific effective date has been chosen, the law will come into effect on October 1st, 90 days prior to California’s CCPA. Companies from a wide range of sectors such as retail, telecom, insurance will be subject to the new law and can face temporary or permanent injunction as well as penalties of up to $7500 per violation. Last but not least, the new legislation contains many exemptions, for example, healthcare and financial institutions who are subject to HIPAA and GLBA, respectively.
What are its main points?
Consent and Right to Opt Out
As it is mentioned in the CCPA, Nevada consumers will also have the option to opt-out of the sale of their personal information, which includes certain items that were collected through an online service or a website: telephone number, social security number, physical address, etc. The operators are required to include a privacy notice, which will describe the type of personal information collected as well as the third-parties with whom they intend to share the information with. Organizations will have to create a request address where consumers will have the opportunity to submit a request to opt-out of the sale of their information. The Nevada privacy Law grants companies 60 days to answer these requests, during which they will be required to verify the identity of the consumers who submitted them.
How SecuPi Helps:
SecuPi’s ability to redact, hide, mask or block individual customers from consent-driven data-flows and processes is the cornerstone of its platform consent support.
- The Consent process starts with identifying the relevant business processes that require explicit consent. These processes, their respective application, screens and underline database entities are identified, classified and mapped by SecuPi.
- The customer interaction channels are defined and changes need to be defined accordingly to capture customer’s consent.
- Customer consent is collected from the different interaction channels (e.g., CRM application) and forwarded to SecuPi Central Management Server.
- SecuPi propagates the collected consent down to the target business applications, big-data and DW environments without code changes.
Using dynamic masking and redaction, SecuPi can enforce consumer requests to opt-out and disable access to data subjects where consent wasn’t given or where the consumer requested to restrict processing of personal data.