Nevada Enacts Nation’s First Data Encryption Law

What happens in Vegas stays in Vegas. And now what is done on a computer in Nevada will apparently stay in Nevada or at least stay private! This week the state put into effect the nation’s first data encryption law, which prohibits businesses from electronically transferring customers’ personal data outside an organization unless it is specifically encrypted.

The law requires businesses to encrypt customers’ personal data when transmitted to a location that is “outside of the secure system of business.” Under the Nevada definition, personal information is such information as a person’s first and last name, combined with social security number, driver’s license

information, bank account, credit or debit card numbers accompanied by a security code or password. Essentially it is anything that would potentially give an unauthorized user access to an account. As of this past Wednesday, all of this information will need to be encrypted when being transferred electronically.

There are of course exceptions to the rule, such as the transmission of data via a fax machine – no one is expecting this information to be encoded ala a German World War II Enigma Machine.

However, what is a little more vague is that lawmakers in Nevada have not specifically defined or clarified what exactly constitutes a “secure system of the business.” Just as confusing to some is the fact that the data needs to be encrypted while being transferred or moved, but not when the data is “at rest” as in just sitting on a server or hard drive.

Currently more than 40 states have already enacted various data breach laws, while a few such as California have adopted encryption statutes that require that customer data is protected when stored on such devices as PCs, tapes, servers, laptops and even portable hard drives.

For many SMBs in Nevada this also

digg

del.icio.us

StumbleUpon

reddit