opinion

Privacy Notices Shouldn’t Be Treated as an Afterthought

Privacy Notices Shouldn’t Be Treated as an Afterthought

After years of preaching about the importance of website operators posting their privacy practices on their websites, another state has joined the party.

Known as Nevada SB 538, Nevada law went into effect last month requiring operators of websites and online services must post a public notice regarding their privacy practices.

The exponential increase in data breaches is forcing all states to take a hard look at their existing laws and make changes now.

Nevada is the third state to pass such a law. California started the trend back in 2004, with the California Online Privacy Protection Act and was joined by Delaware last year with the Delaware Online and Privacy Protection Act.

Much like the California and Delaware requirements, Nevada now requires that website operators must: 1) identify the categories of personally identifiable information collected through the site; 2) identify the categories of third parties with whom personally identifiable information may be shared; 3) disclose whether third parties may collect information about a consumer’s online activities over time and across different websites when the consumer uses the site; 4) provide information about the process for reviewing and requesting changes to personally identifiable information collected through the site; and 5) list an effective date.

It is important to understand that Nevada considers the following to be personally identifiable information:

  • A first and last name;
  • A home or other physical address which includes the name of a street and the name of a city or town;
  • An electronic mail address;
  • A telephone number;
  • A Social Security number; and,
  • An identifier that allows a specific person to be contacted either physically or online.

When it comes to penalties for failing to comply with the new Nevada law, the Nevada attorney general may pursue civil enforcement within 30 days following notification of noncompliance.

However, notification of noncompliance is not required where a website operator’s notice “contains information which constitutes a knowing and material misrepresentation or omission that is likely to mislead a consumer.” In plain English, if you knowingly lie in your privacy notice, then the attorney general does not need to provide notice before coming after you.

The Nevada law allows for injunctive relief and a civil penalty “not to exceed $5,000 for each violation.” It should be noted that the Nevada law does not include a private right of action (i.e. third-party lawsuits or non-attorney general enforcement actions).

As of now, it’s unknown how soon and how aggressively the Nevada attorney general will pursue violations of the new statute, but given the nature of the cyber world we now live in I suspect that it will not be long before we see enforcement actions commencing.

Reminder: this law became effective Oct. 1, meaning that if you are not in compliance then you are now potentially subject to enforcement action.

Both California and Delaware’s laws require that the privacy notice must be “conspicuously” made available and provide guidance on how that standard is to be achieved but the Nevada law only states that the privacy notice must be available “in a manner reasonably accessible by consumers.”

Additionally, Nevada’s law does not require an operator to disclose how it responds to web browser “do not track” signals; does not apply to entities unless they purposefully direct activities toward Nevada, consummate some transaction with the state or a resident, or purposefully avail themselves of the privilege of conducting activities in Nevada; and excludes operators located in Nevada whose revenue is primarily delivered from sources other than online services and whose website receives fewer than 20,000 unique visitors per year.

If you are hoping that Nevada will be the last state to join California and Delaware then I would not recommend that you hold your breath. The exponential increase in data breaches is forcing all states to take a hard look at their existing laws and make changes now.

Government officials have clearly drawn a line in the sand and will be especially aggressive against those website operators who blatantly misrepresent their privacy practices.

Privacy notices, aka privacy policies, should not be treated as an afterthought.

Online business operators need to ensure that their privacy notices are fully compliant with applicable law and ensure that no misrepresentations are being made.

Stealing (“borrowing”) another website’s privacy notice is nothing more than a game of high stakes Russian roulette.

This article does not constitute legal advice and is provided for your information only and should not be relied upon in lieu of consultation with legal advisors in your own jurisdiction It may not be current as the laws in this area change frequently. Transmission of the information contained in this article is not intended to create and the receipt does not constitute, an attorney-client relationship between sender and receiver.

Corey D. Silverstein is the managing and founding member of the Law Offices of Corey D. Silverstein P.C., which focuses on representing all areas of the adult industry. His clientele includes hosting companies, affiliate programs, content producers, processing companies, website owners and performers, just to name a few. Silverstein can be reached by email at corey@myadultattorney.com; his site, MyAdultAttorney.com and Porn.law; or by telephone at (248) 290-0655.

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

WIA Profile: Reba Rocket

As chief operating officer and chief marketing officer of Takedown Piracy, long at the forefront of intellectual property protection in adult entertainment, Rocket is dedicated to safeguarding the livelihoods of content creators and producers while fostering a more ethical and sustainable industry.

Women In Adult ·
opinion

Protecting Content Ownership Rights When Using AI

In today’s digital age, content producers have more tools at their disposal than ever before. Among these tools, artificial intelligence (AI) content generation has emerged as a game changer, enabling creators to produce high-quality content quickly and efficiently.

Corey D. Silverstein ·
opinion

How Payment Orchestration Can Help Your Business

An emerging payment solution is making waves in the merchant world: the payment orchestration platform (POP). It’s quickly gaining traction as a powerful tool for managing online payments — but questions abound.

Cathy Beardsley ·
opinion

Fine-Tuning Refund and Cancellation Policies

For adult websites, managing refunds and cancellations isn’t just about customer service. It’s a crucial factor in maintaining compliance with the regulations of payment processors and payment networks such as Visa and Mastercard.

Jonathan Corona ·
profile

WIA Profile: Laurel Bencomo

Born in Cambridge, England but raised in Spain, Laurel Bencomo initially chose to study business at the University of Barcelona simply because it felt familiar — both of her parents are entrepreneurs. She went on to earn a master’s degree in sales and marketing management at the EADA Business School, while working in events for a group of restaurants in Barcelona.

Women In Adult ·
profile

Gregory Dorcel on Building Upon His Brand's Signature Legacy

“Whether reflected in the storyline or the cast or even the locations, the entertainment we deliver is based on fantasy,” he elaborates. “Our business is not, and never has been, reality. People who are buying our content aren’t expecting reality, or direct contact with stars like you can have with OnlyFans,” he says.

Jeff Dana ·
opinion

How to Turn Card Brand Compliance Into Effective Marketing

In the adult sector, compliance is often treated as a gauntlet of mandatory checkboxes. While it’s true that those boxes need to be ticked and regulations must be followed, sites that view compliance strictly as a chore risk missing out on a bigger opportunity.

Jonathan Corona ·
opinion

A Look at the Latest AI Tools for Online Safety

One of the defining challenges for adult businesses is helping to combat the proliferation of illegal or nonconsensual content, as well as preventing minors from accessing inappropriate or harmful material — all the more so because companies or sites unable or unwilling to do so may expose themselves to significant penalties and put their users at risk.

Gavin Worrall ·
opinion

Know When to Drop Domains You Don't Need

Do you own too many domains? If so, you’re not alone. Like other things we accumulate, every registered domain means something to us. Sometimes a domain represents a dream project we have always wanted to do but have never quite gotten around to.

Juicy Jay ·
opinion

Understanding 'Indemnification' in Business Contracts

Clients frequently tell me that they didn’t understand — or sometimes, even read — certain portions of a contract because those sections appeared to be just “standard legalese.” They are referring, of course, to the specialized language used in legal documents, including contracts.

Corey D. Silverstein ·
Show More