Nevada was one of the first states in the nation to pass an online privacy law giving consumers the right to opt out of data sales. While it doesn't have the sweeping scope of California's CCPA, Nevada's layered framework of privacy protections provides meaningful rights that every resident should understand and exercise.
Overview of Nevada Privacy Laws
Nevada's data privacy protections are primarily housed in Chapter 603A of the Nevada Revised Statutes, titled "Security and Privacy of Personal Information." This chapter has been built up through multiple legislative sessions since 2005, with major additions in 2019, 2021, and 2023. Rather than a single comprehensive privacy act, Nevada takes a targeted approach with several focused statutes covering different aspects of data privacy.
Senate Bill 220: The Right to Opt Out
Nevada's most significant consumer privacy protection is Senate Bill 220, enacted in 2019. This law gives Nevada consumers the right to opt out of the sale of their "covered information" by operators of websites and online services.
What It Covers
Under SB 220, "covered information" includes:
- First and last name
- Home or physical address
- Email address
- Phone number
- Social Security number
- An identifier that allows a specific person to be contacted physically or online
- Any other information collected online and maintained in combination with the above
How to Exercise Your Right
Website operators that collect covered information from Nevada consumers must:
- Establish a designated request address (email, toll-free number, or online form) for opt-out requests
- Respond to verified requests within 60 days (with an optional 30-day extension)
- Post information about the opt-out process on their website
Key Distinction
Nevada's law applies specifically to the "sale" of personal information — defined as exchanging covered information for monetary consideration. It does not cover data sharing for non-monetary purposes, which is a narrower scope than California's CCPA.
Consumer Health Data Protection
In 2023, the Nevada legislature passed Senate Bill 370, a consumer health data privacy law designed to fill gaps where HIPAA does not apply. This law is particularly important because it protects health data collected outside of traditional healthcare settings.
SB 370 covers:
- Health data collected by consumer apps and fitness trackers
- Mental health and reproductive health information
- Biometric data used for health purposes
- Data about health conditions, treatments, or diagnoses
Companies collecting consumer health data in Nevada must obtain consent before selling or sharing it with third parties.
Data Security Requirements
NRS 603A.210 requires any entity that maintains personal information of Nevada residents to implement and maintain reasonable security measures. These measures must protect records from unauthorized access, acquisition, destruction, use, modification, or disclosure.
While the law doesn't specify exact technical standards, businesses are expected to meet industry-standard security practices appropriate to the sensitivity of the data they hold.
Data Breach Notification
If a business experiences a data breach involving Nevada residents' personal information, it must notify affected individuals. The notification must include:
- A description of the breach
- The types of personal information involved
- Contact information for the company
- Contact information for credit reporting agencies
Limitations of Nevada's Privacy Laws
Nevada's privacy laws do not grant consumers the right to access their personal data, request data portability, or demand deletion of personal data from private businesses. There is also no private right of action — only the Attorney General can enforce violations.
Enforcement
The Nevada Attorney General has exclusive enforcement authority over the online privacy opt-out provisions. If the Attorney General believes an operator has violated the law, they can institute legal proceedings. Civil penalties of up to $5,000 per violation may be imposed by a district court.
How Nevada Compares to Other States
Nevada's privacy protections fall somewhere in the middle compared to other states:
- Stronger than: Arizona, Georgia, and other states with no comprehensive privacy law
- Weaker than: California (CCPA/CPRA), Colorado (CPA), and Virginia (VCDPA), which offer broader rights including data access, deletion, and correction
- Similar to: States that focus primarily on opt-out rights without full data access and deletion provisions
Protecting Yourself Beyond State Law
Nevada's privacy laws provide a foundation, but they don't go far enough to fully protect your personal data. Data brokers operating outside Nevada — or those that share data without direct monetary exchange — may not be covered by SB 220.
To comprehensively protect your privacy, you should:
- Submit opt-out requests to major data brokers directly
- Freeze your credit with all three bureaus
- Use strong, unique passwords and two-factor authentication
- Minimize the personal information you share online
PrivacyOn can automate much of this work for you. We monitor over 100 data broker sites, submit removal requests on your behalf, and continuously verify that your data stays removed — giving you far more protection than state law alone provides.