opinion

Privacy Notices Shouldn’t Be Treated as an Afterthought

Privacy Notices Shouldn’t Be Treated as an Afterthought

After years of preaching about the importance of website operators posting their privacy practices on their websites, another state has joined the party.

Known as Nevada SB 538, Nevada law went into effect last month requiring operators of websites and online services must post a public notice regarding their privacy practices.

The exponential increase in data breaches is forcing all states to take a hard look at their existing laws and make changes now.

Nevada is the third state to pass such a law. California started the trend back in 2004, with the California Online Privacy Protection Act and was joined by Delaware last year with the Delaware Online and Privacy Protection Act.

Much like the California and Delaware requirements, Nevada now requires that website operators must: 1) identify the categories of personally identifiable information collected through the site; 2) identify the categories of third parties with whom personally identifiable information may be shared; 3) disclose whether third parties may collect information about a consumer’s online activities over time and across different websites when the consumer uses the site; 4) provide information about the process for reviewing and requesting changes to personally identifiable information collected through the site; and 5) list an effective date.

It is important to understand that Nevada considers the following to be personally identifiable information:

  • A first and last name;
  • A home or other physical address which includes the name of a street and the name of a city or town;
  • An electronic mail address;
  • A telephone number;
  • A Social Security number; and,
  • An identifier that allows a specific person to be contacted either physically or online.

When it comes to penalties for failing to comply with the new Nevada law, the Nevada attorney general may pursue civil enforcement within 30 days following notification of noncompliance.

However, notification of noncompliance is not required where a website operator’s notice “contains information which constitutes a knowing and material misrepresentation or omission that is likely to mislead a consumer.” In plain English, if you knowingly lie in your privacy notice, then the attorney general does not need to provide notice before coming after you.

The Nevada law allows for injunctive relief and a civil penalty “not to exceed $5,000 for each violation.” It should be noted that the Nevada law does not include a private right of action (i.e. third-party lawsuits or non-attorney general enforcement actions).

As of now, it’s unknown how soon and how aggressively the Nevada attorney general will pursue violations of the new statute, but given the nature of the cyber world we now live in I suspect that it will not be long before we see enforcement actions commencing.

Reminder: this law became effective Oct. 1, meaning that if you are not in compliance then you are now potentially subject to enforcement action.

Both California and Delaware’s laws require that the privacy notice must be “conspicuously” made available and provide guidance on how that standard is to be achieved but the Nevada law only states that the privacy notice must be available “in a manner reasonably accessible by consumers.”

Additionally, Nevada’s law does not require an operator to disclose how it responds to web browser “do not track” signals; does not apply to entities unless they purposefully direct activities toward Nevada, consummate some transaction with the state or a resident, or purposefully avail themselves of the privilege of conducting activities in Nevada; and excludes operators located in Nevada whose revenue is primarily delivered from sources other than online services and whose website receives fewer than 20,000 unique visitors per year.

If you are hoping that Nevada will be the last state to join California and Delaware then I would not recommend that you hold your breath. The exponential increase in data breaches is forcing all states to take a hard look at their existing laws and make changes now.

Government officials have clearly drawn a line in the sand and will be especially aggressive against those website operators who blatantly misrepresent their privacy practices.

Privacy notices, aka privacy policies, should not be treated as an afterthought.

Online business operators need to ensure that their privacy notices are fully compliant with applicable law and ensure that no misrepresentations are being made.

Stealing (“borrowing”) another website’s privacy notice is nothing more than a game of high stakes Russian roulette.

This article does not constitute legal advice and is provided for your information only and should not be relied upon in lieu of consultation with legal advisors in your own jurisdiction It may not be current as the laws in this area change frequently. Transmission of the information contained in this article is not intended to create and the receipt does not constitute, an attorney-client relationship between sender and receiver.

Corey D. Silverstein is the managing and founding member of the Law Offices of Corey D. Silverstein P.C., which focuses on representing all areas of the adult industry. His clientele includes hosting companies, affiliate programs, content producers, processing companies, website owners and performers, just to name a few. Silverstein can be reached by email at corey@myadultattorney.com; his site, MyAdultAttorney.com and Porn.law; or by telephone at (248) 290-0655.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Navigating Age-Related Regulations in Europe

Age verification measures are rapidly gaining momentum across Europe, with regulators stepping up efforts to protect children online. Recently, the U.K.’s communications regulator, Ofcom, updated its timeline for implementing the Online Safety Act, while France’s ARCOM has released technical guidance detailing age verification standards.

Gavin Worrall ·
opinion

Why Cyber Insurance Is Crucial for Adult Businesses

From streaming services and interactive platforms to ecommerce and virtual reality experiences, the adult industry has long stood at the forefront of online innovation. However, the same technology-forward approach that has enabled adult businesses to deliver unique and personalized content to consumers worldwide also exposes them to myriad risks.

Corey D. Silverstein ·
opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
Show More