BreachExchange mailing list archives
Nevada Mandates PCI Standard
From: security curmudgeon <jericho () attrition org>
Date: Mon, 22 Jun 2009 21:20:17 +0000 (UTC)
http://www.boazgelbord.com/2009/06/nevada-mandates-pci-standard.html Saturday, June 20, 2009 Nevada Mandates PCI Standard Nevada has recently passed a law mandating PCI compliance for companies accepting payment cards that do business in the state. It is scheduled to go into effect on January 1st, 2010. This makes Nevada the very first state to actually mandate PCI. The prize for toughest-state-data-security-law used to belong to Massachusetts. But Mass has recently been wavering and its technical requirements are almost non-existent compared to PCI. The Nevada law is no reason to panic and doesnt really change much for companies dealing with credit card data. Those companies already have a contractual obligation to adhere to PCI. The Nevada law ups the ante by making this an actual legal requirement, but the standard itself remains the same. And as far as actual enforcement goes, the Nevada law says nothing about penalties whereas PCI has the ability to fine non-compliant companies. The bigger change is for companies that deal with non-credit card personal data. The Nevada law defines nonpublic personal information as a social security number, drivers license number, or account number in combination with a password. It mandates the use of encryption for the transfer of such data outside of a company's control (this requirement existed in various forms in previous Nevada legislation as well). [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Nevada Mandates PCI Standard security curmudgeon (Jun 22)