Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Nevada's mandatory encryption law
From: Doug Markiewicz <dmarkiew+educause () ANDREW CMU EDU>
Date: Mon, 20 Oct 2008 12:56:52 -0400

Massachusetts seems to have a similar encryption requirement that goes into effect 01/01/2009.  However, thats just one 
in a much more extensive list of requirements published by the Mass. Office of Consumer Affairs and Business 
Regulations in support of existing laws around the protection of personal information.

http://www.mass.gov/?pageID=ocaterminal&L=3&L0=Home&L1=Consumer&L2=Identity+Theft&sid=Eoca&b=terminalcontent&f=idtheft_201cmr17&csid=Eoca



Basgen, Brian wrote:
 FYI for anyone who hasn't seen it yet, Nevada is requiring encryption on electronic transfers of personal information. 
It seems to be a natural extension of the mandatory data reporting laws.

"NRS 597.970  Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 
2008.]
      1.  A business in this State shall not transfer any personal information of a customer through an electronic 
transmission other than a facsimile to a person outside of the secure system of the business unless the business uses 
encryption to ensure the security of electronic transmission.
      2.  As used in this section:
      (a) “Encryption” has the meaning ascribed to it in NRS 205.4742.
      (b) “Personal information” has the meaning ascribed to it in NRS 603A.040.
      (Added to NRS by 2005, 2506, effective October 1, 2008)

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]