Go to:

Nevada State Privacy Protection Rights

Nevada statewide privacy links:

Sponsored

Introduction to Nevada Privacy Rights

Nevada has emerged as one of the most progressive states in the United States regarding consumer privacy protection, carving out a distinctive position in the national privacy landscape. While California often receives attention for its comprehensive privacy legislation, Nevada has quietly established robust protections that deserve recognition and understanding by residents and businesses operating within the state.

The Silver State's privacy framework is anchored by several key legislative achievements, most notably Senate Bill 220 (SB 220), which became effective in October 2019, and its subsequent amendments. This law established Nevada as only the second state in the nation to enact a comprehensive consumer privacy statute, predating many other states' efforts. Nevada's approach differs from California's in significant ways—it's narrower in scope but provides specific, enforceable rights that Nevada residents can exercise immediately.

Nevada's privacy protections extend across multiple domains: consumer data privacy, data breach notification requirements, employment records, financial information, and health data. The state maintains strong public records laws through the Nevada Public Records Act (Nevada Revised Statutes Chapter 239), which balances government transparency with individual privacy concerns. Additionally, Nevada law includes specific protections for biometric data, children's online information, and the privacy of personal information collected through internet services.

Compared to other states, Nevada occupies a middle ground. It provides more robust consumer privacy protections than most states but doesn't reach the comprehensive scope of California's Consumer Privacy Act (CCPA) or Virginia's Consumer Data Protection Act. However, Nevada's laws are more straightforward and easier for average residents to understand and utilize. The state's Attorney General has enforcement authority, and violations can result in substantial penalties, giving Nevada's privacy laws real teeth.

Nevada's State Privacy Laws

Nevada's privacy legal framework consists of several interconnected statutes that together create a comprehensive protection system for residents. Understanding these specific laws is essential for anyone seeking to protect their privacy rights in Nevada.

Nevada Revised Statutes Chapter 603A: Security and Privacy of Personal Information

This chapter forms the backbone of Nevada's data privacy protections. NRS 603A.340, enacted through SB 220 and amended by SB 260 in 2021, grants Nevada consumers the right to opt out of the sale of their personal information. This statute applies to any business operator that conducts business in Nevada, owns or licenses covered information about Nevada residents, and operates a website or online service. The law specifically defines "sale" as the exchange of covered information for monetary consideration by the operator to a third party for the third party to license or sell the information to additional parties.

Under NRS 603A.340, operators must provide a designated request address (email or toll-free number) through which consumers can submit verified requests to opt out. Once a verified request is received, operators have 60 days to honor the request and must not sell the consumer's covered information thereafter. Operators cannot charge fees, discriminate against, or retaliate against consumers who exercise this right. Violations are enforced exclusively by the Nevada Attorney General, who can seek injunctive relief and civil penalties up to $5,000 per violation.

Data Breach Notification Requirements: NRS 603A.010 to 603A.290

Nevada maintains one of the nation's strictest data breach notification laws. Under NRS 603A.220, any data collector (person or business that maintains records containing personal information about Nevada residents) must notify affected individuals "in the most expedient time possible and without unreasonable delay" following the discovery of a security breach. The law does not specify an exact number of days, but Nevada courts and the Attorney General's office have interpreted this to generally mean within 30 days of discovery.

Personal information under this statute includes a Nevada resident's first name or initial and last name combined with any of the following: Social Security number, driver's license or government ID number, financial account numbers, medical identification numbers, health insurance identification numbers, or username/email combined with a password that would permit access to an online account. Notably, Nevada also includes biometric data and genetic information in its definition of protected personal information under NRS 603A.215.

The notification must be clear and conspicuous, written in plain language, and include: a description of the breach incident; the types of personal information compromised; contact information for major credit reporting agencies; and advice on how individuals can protect themselves from identity theft. If the breach affects more than 1,000 residents, the data collector must also notify the three major credit reporting agencies and submit a copy of the notice to the Nevada Attorney General.

Employee Privacy Rights

Nevada provides specific privacy protections for employees through several statutes. NRS 613.135 prohibits employers from requiring or requesting employees or applicants to: disclose their username or password for any personal social media account, access personal social media in the employer's presence, or divulge any personal social media except as provided by law or to ensure compliance with applicable laws or regulatory requirements.

Additionally, NRS 284.4066 and related provisions protect the privacy of certain public employee information, including home addresses, telephone numbers, and information about family members from public disclosure when such disclosure could threaten the employee's safety. This protection applies particularly to law enforcement officers, judges, prosecutors, and other public safety personnel.

Financial Privacy Protections

Beyond federal protections like the Gramm-Leach-Bliley Act, Nevada law provides additional financial privacy safeguards. NRS 598.0923 through 598.0999 regulate financial information repositories and consumer reporting agencies. These provisions require that financial institutions provide clear privacy notices and allow consumers to opt out of certain information sharing practices. Nevada also prohibits the sale of certain insurance information under NRS 679A.100, providing additional layers of financial privacy protection.

Biometric Information Privacy: NRS 603A.215

Nevada statute explicitly addresses biometric information privacy, requiring written consent before a business can collect biometric identifiers such as fingerprints, retinal scans, facial recognition data, or voiceprints. This puts Nevada ahead of many states in protecting this sensitive category of personal information.

Freedom of Information / Open Records in Nevada

Nevada's commitment to government transparency is codified in the Nevada Public Records Act, found primarily in Nevada Revised Statutes Chapter 239. This law establishes that all public books and records of governmental entities are open for inspection by any person at all times during office hours, unless otherwise declared by law to be confidential.

The Nevada Public Records Act: NRS 239.010

NRS 239.010 establishes the foundational principle that public records must remain open and accessible. The statute defines "public book or record" broadly to include any information prepared, owned, used, or retained by a governmental entity that documents the organization, functions, policies, decisions, procedures, operations, or other activities performed by the entity. This includes paper documents, electronic records, emails, text messages, databases, and audio or video recordings.

Requesting Public Records in Nevada

Any person may request public records without stating a reason or demonstrating a particular interest. Requests should be submitted to the custodian of records for the specific governmental entity. While oral requests are technically permissible, written requests are strongly recommended to create a clear record. The request should reasonably describe the records sought with sufficient specificity to allow the custodian to locate them.

Under NRS 239.0107, the governmental entity must respond to the request within five business days. This response must either: (1) grant the request and provide the records; (2) deny the request with a written explanation citing the specific statutory exemption; or (3) inform the requester that additional time (not exceeding an additional five business days) is needed to respond due to the request's scope or the need to consult with other entities.

Fee Schedules

Nevada law permits governmental entities to charge fees for public records, but these fees must be reasonable and reflect only the actual cost of providing the records. Under NRS 239.052, entities may charge for the direct costs of copying, including staff time if the request requires extraordinary use of personnel. Standard copying costs typically range from $0.25 to $0.50 per page for paper documents. Electronic records provided on media may incur charges for the storage device. Entities must provide a written explanation of fee calculations upon request.

Exemptions to Public Disclosure

Nevada law contains numerous specific exemptions protecting certain records from disclosure. Key exemptions include:

Appeals Process

If a governmental entity denies a public records request, the requester may petition a court for an order requiring disclosure. Under NRS 239.011, the petitioner may file a lawsuit in district court, which must be heard within 30 days. If the court determines the entity wrongfully denied access, it shall order disclosure and may award attorney's fees and costs to the prevailing requester. Alternatively, requesters may file complaints with the Nevada Attorney General's Office, which can investigate and mediate disputes, though the Attorney General cannot compel disclosure without court action.

HIPAA and Health Privacy in Nevada

Health information privacy in Nevada operates under a dual system: federal protections through the Health Insurance Portability and Accountability Act (HIPAA) and state-specific provisions that often provide stronger protections than federal law requires.

HIPAA establishes national standards for protecting individually identifiable health information, applying to covered entities (healthcare providers, health plans, and healthcare clearinghouses) and their business associates. In Nevada, all healthcare entities subject to HIPAA must comply with federal requirements regarding the use, disclosure, and safeguarding of protected health information (PHI). Patients have rights to access their medical records, request amendments, receive accounting of disclosures, and file complaints with the U.S. Department of Health and Human Services Office for Civil Rights.

Nevada-Specific Health Privacy Protections

Nevada law provides additional health privacy protections beyond HIPAA's baseline requirements. NRS 629.061 restricts disclosure of medical information and requires healthcare providers to maintain confidentiality of patient records. This statute provides broader protections in some circumstances than HIPAA, particularly regarding mental health records and substance abuse treatment information.

NRS 629.021 through 629.089 establish specific requirements for maintaining, accessing, and disclosing medical records. Under these provisions, patients have the right to inspect and copy their medical records within five business days of a written request. Healthcare providers may charge reasonable fees for copying, not to exceed $0.60 per page for the first 10 pages and $0.50 per page thereafter, plus actual postage costs.

Nevada also provides special protections for mental health records under NRS 629.061, requiring additional consent for disclosure beyond what HIPAA mandates. HIV/AIDS testing and treatment records receive heightened confidentiality protection under NRS 441A.220, prohibiting disclosure without specific written authorization except in limited circumstances.

Protecting Your Medical Records in Nevada

Nevada residents should take proactive steps to protect their health information. First, review your healthcare provider's Notice of Privacy Practices, which explains how they use and disclose your information. Second, submit written requests to access your records to ensure you know what information is documented. Third, file written objections to limit certain routine disclosures, such as to hospital directories or family members. Finally, if you believe your privacy has been violated, file complaints with both the Nevada State Board of Medical Examiners and the federal Office for Civil Rights within 180 days of discovering the violation.

Consumer Data Privacy Rights

Nevada consumers possess specific, enforceable rights regarding the collection, use, and sale of their personal information, primarily established through SB 220 (codified as NRS 603A.340) and subsequent amendments.

The Right to Opt Out of Data Sales

The cornerstone of Nevada consumer privacy rights is the statutory right to direct businesses not to sell covered information. "Covered information" includes personally identifiable information about a consumer collected through the operator's internet website or online service, including first and last name, home or physical address, email address, telephone number, Social Security number, identifier that allows identification or contact, or any other information combined with these identifiers.

To exercise this right, Nevada consumers must submit a verified request through the designated request mechanism (email address or toll-free telephone number) that the operator must conspicuously post on its website. The operator must honor the request within 60 days and cannot subsequently sell the consumer's information. Importantly, this right applies even if the consumer previously consented to the sale of their information—consumers can withdraw consent at any time.

Verification Requirements

Operators may require reasonable verification to confirm the identity of the person making the request. However, the verification process cannot be overly burdensome. Acceptable verification methods typically include email confirmation, providing account credentials, or answering security questions. Operators cannot demand notarization, fees, or excessive documentation solely for verification purposes.

Data Broker Removal Rights

While Nevada doesn't have a specific data broker registry like Vermont or California, Nevada consumers can leverage their opt-out rights under NRS 603A.340 against data brokers operating websites or online services. Additionally, consumers have rights under federal law, including the Fair Credit Reporting Act (FCRA), to dispute inaccurate information maintained by consumer reporting agencies.

To remove information from data brokers, Nevada residents should:

Credit Report Rights Under FCRA in Nevada

Nevada consumers have robust rights regarding credit reports under the federal Fair Credit Reporting Act, enforced within the state. Consumers are entitled to one free credit report annually from each of the three major credit reporting agencies (Equifax, Experian, and TransUnion) through AnnualCreditReport.com. Nevada residents also receive free reports after being denied credit, employment, or insurance based on credit information.

Under NRS 598C.100 through 598C.200, Nevada law provides additional protections regarding credit report security freezes. Consumers can place security freezes on their credit files at no cost, and credit reporting agencies must implement the freeze within one business day of receiving the request. Freezes prevent new creditors from accessing your credit report, effectively blocking identity thieves from opening accounts in your name.

Enforcement and Penalties

The Nevada Attorney General has exclusive enforcement authority over violations of NRS 603A.340. Consumers cannot bring private lawsuits under this statute. However, the Attorney General can seek civil penalties up to $5,000 per violation, and patterns of violations can result in substantial cumulative penalties. Consumers should report violations to the Nevada Attorney General's Bureau of Consumer Protection at 555 E. Washington Avenue, Suite 3900, Las Vegas, NV 89101, or call (702) 486-3132.

Employment Background Checks & Privacy in Nevada

Nevada law establishes specific parameters for how employers can use background checks, criminal records, and consumer reports in employment decisions, balancing employers' legitimate interests with applicants' privacy rights and rehabilitation opportunities.

Nevada Background Check Requirements

Employers conducting background checks must comply with both federal law (primarily the Fair Credit Reporting Act) and Nevada-specific statutes. Under the FCRA, employers must: obtain written authorization from the applicant before procuring a consumer report; provide disclosure that a report may be obtained; furnish a copy of the report and a written description of consumer rights if taking adverse action; and allow the applicant opportunity to respond before finalizing the adverse decision.

Nevada law prohibits certain inquiries and uses of information. NRS 613.310 through 613.510 regulate how employers can access and use criminal history information, with specific restrictions on considering arrest records without conviction and sealed or expunged records.

Ban-the-Box Law: AB 384

Nevada enacted Assembly Bill 384 in 2017, establishing a "ban-the-box" law that restricts when employers can inquire about criminal history. Under NRS 613.310, employers with 15 or more employees cannot require applicants to disclose criminal history on initial employment applications. This prohibition applies to all application forms, including online applications.

Employers may inquire about criminal history only after determining the applicant is qualified for the position and either conducting an initial interview or making a conditional job offer. Even then, employers cannot ask about arrests not resulting in conviction, sealed or expunged records, or juvenile adjudications.

Limitations on Criminal Record Consideration

When employers are permitted to consider criminal history, Nevada law limits how they can use this information. Under NRS 179.301, sealed records cannot be considered for employment purposes—the applicant may legally respond as if the offense never occurred. Similarly, records that are subject to automatic sealing under Nevada's recent reforms (certain non-violent offenses after specified waiting periods) cannot be used against applicants once sealed.

For convictions that remain unsealed, employers must conduct an individualized assessment considering: the nature and gravity of the offense; the time elapsed since the offense or completion of sentence; and the nature of the job sought. Blanket policies excluding all individuals with any criminal history violate federal Equal Employment Opportunity Commission guidance and may violate Nevada anti-discrimination laws.

How Long Criminal Records Remain Accessible

Nevada criminal records remain accessible indefinitely unless sealed or expunged. However, consumer reporting agencies face restrictions under federal law. The FCRA generally prohibits reporting criminal convictions more than seven years old, though exceptions exist for positions with salaries exceeding $75,000 annually.

Nevada's record sealing laws (NRS 179.245 and 179.255) establish waiting periods after which certain offenses become eligible for sealing: category E felonies after two years, category C and D felonies after five years, category B felonies after five years (some after ten years), and most misdemeanors after one to two years. Once sealed, records are not accessible to most employers.

Disputing Inaccurate Background Check Information

Nevada residents have robust rights to dispute inaccurate information in background checks. Under the FCRA, if you dispute information with the consumer reporting agency, they must investigate within 30 days and correct or delete inaccurate information. Disputes should be submitted in writing with supporting documentation.

For criminal record inaccuracies, contact the Nevada Department of Public Safety, Records, Communications and Compliance Division at 333 W. Nye Lane, Carson City, NV 89706, phone (775) 684-6262. Request a copy of your criminal history record through their website, review it for accuracy, and submit a formal challenge with supporting documentation (court records, case dispositions) showing the error. The department must investigate and correct verified errors.

Protecting Yourself in Nevada: Practical Steps

Taking control of your privacy in Nevada requires proactive measures across multiple domains. This section provides actionable steps Nevada residents can implement immediately to enhance their privacy protection.

Opting Out of People-Search Sites

People-search websites aggregate public records and data broker information, making personal details readily accessible online. To systematically remove your information:

Freezing Your Credit

Nevada law (NRS 598C.330) provides free credit freezes, one of the most effective identity theft prevention tools. To freeze your credit:

Requesting Record Sealing and Expungement in Nevada

Nevada residents with eligible criminal records can petition for sealing under NRS 179.245 (conviction records) or NRS 179.255 (arrest records without conviction). The process involves:

Exercising Your Opt-Out Rights Under NRS 603A.340

To prevent businesses from selling your personal information:

Key Nevada Agency Contacts

Nevada Data Breach Notification

Nevada's data breach notification law, codified in NRS 603A.220, establishes comprehensive requirements for how businesses and governmental entities must respond when personal information is compromised.

Who Must Notify

The law applies to any "data collector," defined as any person or business that, for any purpose, whether by automated collection or otherwise, handles, collects, disseminates or otherwise deals with nonpublic personal information. This broad definition encompasses virtually all businesses operating in Nevada that maintain customer or employee information, as well as governmental entities.

What Triggers Notification Requirements

A notification obligation arises when a data collector experiences a "security breach," defined as unauthorized acquisition of computerized data that materially compromises the security, confidentiality, or integrity of personal information. Personal information includes a Nevada resident's first name or initial and last name combined with: Social Security number, driver's license or identification card number, financial account numbers (with access codes), medical identification numbers, health insurance identification numbers, user names or email addresses with passwords or security questions that would permit access to online accounts, or genetic information or biometric data.

Notably, Nevada law includes a "risk of harm" exception. Notification is not required if, after a reasonable investigation, the data collector determines that the breach will not likely result in harm to affected persons. However, this determination must be documented and can be challenged by the Attorney General.

Notification Timeframe

Under NRS 603A.220, notification must occur "in the most expedient time possible and without unreasonable delay." While the statute doesn't specify an exact timeframe, the Nevada Attorney General's office interprets this to generally mean within 30 days of discovering the breach or determining that notification is required. Notification may be delayed only if a law enforcement agency determines that notification would impede a criminal investigation, and only for the period specified by law enforcement.

Content of Notification

Breach notifications must be clear, conspicuous, and written in plain language. Required elements include:

Method of Notification

Notification must be provided by written notice, electronic notice (if consistent with federal E-SIGN Act provisions), or substitute notice if the data collector demonstrates that the cost of providing notice would exceed $250,000 or the affected class exceeds 500,000 persons. Substitute notice consists of email notice if the data collector has email addresses, conspicuous posting on the data collector's website, and notification to major statewide media.

Attorney General Notification

If a breach affects more than 1,000 Nevada residents, the data collector must submit a copy of the notification to the Nevada Attorney General. This requirement ensures regulatory oversight and allows the Attorney General to monitor compliance and identify patterns of security deficiencies.

Penalties for Violations

Violations of Nevada's data breach notification law are enforced by the Attorney General. While NRS 603A.220 itself doesn't specify civil penalties, violations may be prosecuted as deceptive trade practices under NRS 41.600, which authorizes civil penalties up to $5,000 per violation. Additionally, failure to implement reasonable security measures may constitute a separate violation under NRS 603A.210, which can result in additional penalties.

Beyond statutory penalties, data collectors face significant reputational damage, loss of customer trust, and potential civil liability through private lawsuits alleging negligence or breach of implied contract. Class action lawsuits following data breaches have resulted in substantial settlements and judgments.

Children's Privacy in Nevada

Nevada law provides specific protections for children's personal information, both through state statutes and enforcement of federal laws within the state's jurisdiction.

Federal COPPA Compliance in Nevada

The federal Children's Online Privacy Protection Act (COPPA) applies nationwide, including to operators in Nevada. COPPA requires operators of websites or online services directed to children under 13, or operators with actual knowledge they are collecting information from children under 13, to: post clear privacy policies describing information collection practices; provide direct notice to parents and obtain verifiable parental consent before collecting personal information from children; give parents the choice to consent to collection and internal use without consenting to disclosure to third parties; provide parents access to their child's personal information and opportunity to delete it; give parents opportunity to prevent further collection or use of the information; maintain reasonable security procedures; and retain children's personal information only as long as reasonably necessary.

The Federal Trade Commission enforces COPPA, and Nevada businesses violating COPPA face federal penalties up to $43,280 per violation (as of 2021). Nevada residents can file COPPA complaints with the FTC at www.ftc.gov or with the Nevada Attorney General's office, which cooperates with federal enforcement actions.

Nevada-Specific Child Privacy Protections

Nevada law provides additional protections beyond federal COPPA requirements. NRS 394.1513 prohibits for-profit educational institutions from disclosing personally identifiable information from student education records without written consent, providing protections similar to the federal Family Educational Rights and Privacy Act (FERPA) for private institutions not receiving federal funding.

Additionally, Nevada's general data privacy protections under NRS 603A extend to children's information. Parents or legal guardians can exercise opt-out rights on behalf of minor children to prevent the sale of their personal information collected through internet websites or online services.

School Records and FERPA in Nevada

The Family Educational Rights and Privacy Act (FERPA) applies to all educational institutions receiving federal funding in Nevada, including public K-12 schools, public universities, and many private institutions. FERPA grants parents (and students over 18) the right to: inspect and review education records within 45 days of request; request amendment of inaccurate records; consent to disclosure of personally identifiable information (except in specific circumstances); and file complaints with the U.S. Department of Education.

Nevada Administrative Code 388.105 implements FERPA at the state level for public schools. Nevada school districts must provide annual notification to parents of their FERPA rights, maintain records of disclosures, and establish procedures for parents to challenge record content.

Parents concerned about their child's education record privacy should submit written requests to the school principal or district superintendent specifying the records they wish to review. Schools must respond within 45 days. If parents believe records contain inaccurate information, they should submit a written request for amendment explaining the error. If the school denies the request, parents have the right to a formal hearing before school officials.

Frequently Asked Questions

Can I prevent Nevada businesses from selling my personal information?

Yes. Under NRS 603A.340 (Senate Bill 220), Nevada residents have the explicit right to direct businesses not to sell their covered personal information. You must submit a verified opt-out request through the business's designated request mechanism (email address or toll-free number), which must be posted conspicuously on their website. The business must honor your request within 60 days and cannot charge fees, discriminate against you, or refuse services because you opted out. If a business fails to comply, you can file a complaint with the Nevada Attorney General's Bureau of Consumer Protection. Note that this right applies only to information collected through internet websites or online services, not to offline data collection.

How do I obtain my criminal record in Nevada
Last reviewed: Apr 2, 2026 Updated: Apr 2, 2026