If breach notification is required to more than 1,000 persons, it must also be reported, without unreasonable delay, to specified consumer reporting agencies.

If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

Organizations may be fined or penalized for Vendor violations. Nevada State Attorney General may bring an action to obtain a temporary or permanent injunction for violation of the ‘Security of Personal Information’ laws. An organization may be liable for damages if it cannot prove compliance with the breach, notification, and data protection laws. A data collector that must send breach notifications may commence an action for all damages from whomever illegally accessed their records and may be rewarded restitution.

Increased regulations on personal information handled by educational facilities teachers can be terminated for not protecting student’s personal information.

An organization that maintains records with personal information must implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification or disclosure. If measures are not taken, the organization may be held liable for damages related to the breach. Organizations must contract with Vendors to whom the Organization discloses personal information. Operators of Internet websites or online services and data brokers who collect personal information from consumers in Nevada must provide consumers the right to opt-out of the sale of their personal information and must implement processes to support this option.

Vendors must notify Organizations upon discovery of a breach or suspected breach. The Organization is responsible for submitting any required regulatory reporting and consumer notifications. Vendors must have measures in place to protect personal information from unauthorized access, acquisition, destruction, use, modification or disclosure. Vendors who are businesses operating in Nevada must have measures in place for the destruction of records containing personal information so the records are unreadable or undecipherable.