Comply with the Nevada Privacy Law

On May 29, 2019 Nevada officially approved Senate Bill 220 (SB-220), amending Nevada’s existing online privacy law. Effective October 1, 2019, the amendment now provides consumers the right to opt-out of the sale of their personal information, requiring business to make changes to their privacy programs in order to comply with the amended law. ​

OneTrust  enables organizations to easily streamline compliance with the Nevada Privacy Law by leveraging a purpose-built suite of technology solutions and professional services. With OneTrust, your organization can pinpoint where personal data resides and how it is used and streamline your ability to manage and respond to consumer rights and Do Not Sell requests.

Watch the Webinar

  • Who the law impacts and requirements for compliance

  • How Nevada’s law compares to the CCPA

  • Operational implications to your business

  • DataGuidance regulatory tracking and privacy research

  • How OneTrust helps organizations like yours comply


Nevada Privacy Law: What You Need to Know

A first and last name

A social security number

A home or other physical address in which includes the name of a street and the name of a city or town

An identifier that allows a specific person to be contacted either physically or online

An electronic mail (email) address

Discover, remediate and monitor risk across the lifecycle of your third-party vendors

How OneTrust Helps

Many organizations have little visibility into what information they sell and where it exists. With OneTrust Data Inventory & Mapping technology and Vendor Risk Management, your team can easily identify the vendors that you sell information to. Without this understanding, it makes it difficult to halt to sale of personal information, making compliance a challenge.


Definition of “Sale” of Personal Information and Specific Expectations

The sale of personal information is more narrowly defined than in CCPA, meaning “the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.” The law also contains numerous exceptions, for example, excluding entities already subject to HIPAA.

How OneTrust Helps

With OneTrust Assessment Automation, your team can create customized assessments to verify whether your organization or specific processing activities fall within the scope of the law, making it fast and easy to spot gaps and overlaps between different legislation.


Establish a Designated Request Address

The GDPR grants organizations 30 days to respond to consumer’s requests, while the CCPA is more lenient at 45 days. The Nevada law extends this timeline further to 60 days, while also giving organizations the right to a 30-day extension if reasonably necessary. The three laws have different extension regimes and require operators to inform consumers within different time windows.

How OneTrust Helps

OneTrust Consumer Rights Management helps you track and prioritize requests based on which law applies. For example, organizations can create distinct workflows based on where the request is coming from and set timelines accordingly. This enables your team to know the number of days left to respond and can help you prioritize incoming requests as well as manage extension notices.


60-Day Consumer Request Response Timeline

Nevada’s new law states that organizations within the scope of the law “shall establish a designated request address (or toll-free number) through which a consumer may submit a verified request.” Tracking requests to opt-out of the sale of personal information via email (e.g. [email protected]) is far from scalable.

How OneTrust Helps

With OneTrust Consumer Rights Management, your organization can direct consumers to a customizable, branded web form to intake and verify opt-out requests. These requests are funneled into a central queue within OneTrust to streamline request fulfilment. With Targeted Data Discovery, OneTrust can integrate with external systems, such as Customer Relationship Managers (CRM) and Marketing Automation systems, to locate and pull information necessary to automate the fulfilment of consumer requests. Or provide a custom toll-free number to automate the intake of consumer request.


Request Must Be Verified Before Responding

As is the case under the GDPR and the CCPA, organizations must verify the identity of the consumer before responding to a request.

How OneTrust Helps

OneTrust Consumer Rights Management also facilitates this verification when a consumer submits an opt-out request, whether it’s submitting an ID via a secure attachment, two-step email confirmation, or other methods such as requesting a piece of information that only the consumer would know.


Ready to Get Started? Try OneTrust Free for 14 Days

See how OneTrust can operationalize your privacy program

Request Demo Free Trial
Onetrust All Rights Reserved