Privacy Law—Nevada and Maine Edition
Privacy Plus+
Privacy, Technology and Perspective
Privacy Law—Nevada and Maine Edition. With its sweeping, complex, and detailed requirements, California’s CCPA absorbs most of the attention of privacy professionals these days. But two other states – Nevada and Maine – also have data-protection laws of significance. They’re hard to see inside the blinding glare of California’s CCPA, but they shouldn’t be ignored.
Here are the high points:
Nevada
Nevada’s Privacy Act may be found by clicking the following link:
https://www.leg.state.nv.us/NRS/NRS-603A.html
Nevada’s statute took effect last October, months before California’s. It mirrors many of the CCPA’s data rights and protections, but there are important differences:
Nevada applies more narrowly. It applies to online businesses, services, or “operators” of websites (as opposed to all “businesses” meeting broad criteria), with exemptions for entities regulated under Gramm-Leach-Bliley or HIPAA or with respect to some automobile functions (not just “information” regulated under them).
Both states allow consumers to opt-out of sale of their personal information. But in Nevada, “sale” means “sale,” “for [money],” not any kind of disclosure for any kind of valuable consideration, and it does not appear to require the conspicuous button or link the disclosure the CCPA does – just an email address, a toll-free number or a site.
“Covered Information” is particular to a person (not a “household”) and is collected from that person online and maintained by the operator together with an identifier by which s/he is identifiable.
The CCPA provides for a limited private right of action in some circumstances, but the Nevada Act provides no private right of action.
For more details on the differences between the Nevada Act and the CCPA, see the OneTrust comparison at:
https://www.onetrust.com/the-nevada-privacy-law-sb-220-vs-the-california-consumer-privacy-act-ccpa/
Maine
Maine’s Act to Protect the Privacy of Online Customer Information may be found by clicking the following link:
http://www.mainelegislature.org/legis/bills/bills_129th/billtexts/SP027501.asp
Maine’s act prohibits broadband Internet Service Providers from using, disclosing, selling, or permitting access to most information generated for them by their customers’ use of their services, absent opt-in consent.
Maine’s Act is described as strict, so far as it applies. But it does not apply very widely.
Unlike California’s or Nevada’s, Maine’s Act is targeted directly at Internet Service Providers who operate in Maine, and whose customers are “physically located and billed for service received in the State.” It has been reported that there are only about 80 of these. Given the marked absence of any enforcement mechanism in the Act – no private right of action, no mention of the Attorney General, so that any enforcement must presumably (and impliedly?) be by the general enforcement powers of the Maine public utility commission – at a first glance it is unclear how burdensome the Act is likely to be to them.
Angry they are, however. Because the Act does not address other data collectors such as search engines (Google) or social media (Facebook), the Mainers’ ISPs see themselves as having been singled out for unfair discrimination. Four trade associations representing ISPs who operate in Maine have sued to enjoin the Act’s enforcement.
For more on the recently-filed complaint, click on the following link:
---
Hosch & Morris, PLLC is a Dallas-based boutique law firm dedicated to data protection, privacy, the Internet and technology. Open the Future℠.