Educause Security Discussion
mailing list archives
Re: Nevada's mandatory encryption law
From: Doug Markiewicz <dmarkiew+educause () ANDREW CMU EDU>
Date: Mon, 20 Oct 2008 12:56:52 -0400
Massachusetts seems to have a similar encryption requirement that goes into effect 01/01/2009. However, thats just one
in a much more extensive list of requirements published by the Mass. Office of Consumer Affairs and Business
Regulations in support of existing laws around the protection of personal information.
Basgen, Brian wrote:
FYI for anyone who hasn't seen it yet, Nevada is requiring encryption on electronic transfers of personal information.
It seems to be a natural extension of the mandatory data reporting laws.
"NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1,
1. A business in this State shall not transfer any personal information of a customer through an electronic
transmission other than a facsimile to a person outside of the secure system of the business unless the business uses
encryption to ensure the security of electronic transmission.
2. As used in this section:
(a) “Encryption” has the meaning ascribed to it in NRS 205.4742.
(b) “Personal information” has the meaning ascribed to it in NRS 603A.040.
(Added to NRS by 2005, 2506, effective October 1, 2008)
Pima Community College