Nevada Data Encryption Law

NevadaNevada’s data encryption law isn’t as exciting to talk about as Mac vs PC or Who has the best Cell Phone OS but it is something that everyone should be aware of. I’ll share an example later that will help illuminate why I recommend everyone know. Client’s and Customer’s personal information can be transmitted incorrectly very easily and if you aren’t aware of what is and isn’t acceptable (per the new law) for transmitting information – you will be held liable for any breach’s/theft of information.

Oh – and let’s get the big bold disclaimer out in front of everyone that might already be thinking their business will have someone sign a waiver. You can certainly try but the waiver has no validity. The specific wording from NRS:

     NRS 603 A.100 Waiver of provisions of chapter prohibited. Any waiver of the provisions of this
chapter is contrary to public policy, void and unenforceable.

There are specific combinations of personal information that has to be contained in breached data. The combination has to contain first name or initial and last name in combination with any of the following: social security number, driver’s license or identification number, or financial numbers (account, credit card…) in combination with required security, access code or password to access financial account. So what’s the probability of a breach with a specific combination of this information – unfortunately more probable than most people would think, including me.

As a very recent occurrence I was purchasing items from a local business that doesn’t have a credit card terminal at the location I was at. They collect all pertinent credit card information to process from their head office, scanned in and emailed to the person that takes care of the processing. Knowing what protocols are to be in place, I asked about the encryptions they used for transmitting my credit card information… the confused face I got in return was response enough. I requested that my information not be emailed and asked to speak with a manager. The company is a great company and has been around for a while but this simple over sight in practices has the potential to cost that company a lot of money.

Security measures for information can be easy to go overboard on. The statute has an interpretable safety check in place, “shall implement and maintain reasonable security measures”. No legal test has happened yet to quantify “reasonable” or qualify “measures”. Nevada Revised Statute 603A is worth the read, http://www.leg.state.nv.us/Division/Legal/LawLibrary/NRS/NRS-603A.html. If you have questions about your current practices, don’t hesitate – ask.

[whohit]NRS[/whohit]

1 Comment

  1. Convenience Stores in Boulder City Reply

    Good day! I just wish to offer you a big thumbs
    up for the great info you have here on this post.
    I will be returning to your blog for more soon.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top