Educause Security Discussion mailing list archives
Re: Nevada's mandatory encryption law
From: Aaron Kirby <akirbyco () GMAIL COM>
Date: Sat, 18 Oct 2008 10:36:23 -0400
I wonder what types of loopholes will arise from the use of different definitions of "secure system of business?" Would a private line WAN connection through a telecommunications or cable company still be considered a secure system of business? Or will companies have to encrypt traffic traveling over private WAN connections? Can a company really "ensure the security of the electronic transmission" if it is passing through AT&T infrastructure? I wonder if MPLS VPN service offerings build momentum. Still doesn't do much to protect against insider threats. Basgen, Brian wrote:
FYI for anyone who hasn't seen it yet, Nevada is requiring encryption on electronic transfers of personal information. It seems to be a natural extension of the mandatory data reporting laws. "NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 2008.] 1. A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission. 2. As used in this section: (a) “Encryption” has the meaning ascribed to it in NRS 205.4742. (b) “Personal information” has the meaning ascribed to it in NRS 603A.040. (Added to NRS by 2005, 2506, effective October 1, 2008) ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College
Current thread:
- Nevada's mandatory encryption law Basgen, Brian (Oct 17)
- <Possible follow-ups>
- Re: Nevada's mandatory encryption law Jeff Holden (Oct 17)
- Re: Nevada's mandatory encryption law Aaron Kirby (Oct 18)
- Re: Nevada's mandatory encryption law Valdis Kletnieks (Oct 20)
- Re: Nevada's mandatory encryption law Basgen, Brian (Oct 20)
- Re: Nevada's mandatory encryption law Don Nightingale (Oct 20)
- Re: Nevada's mandatory encryption law Valdis Kletnieks (Oct 20)
- Re: Nevada's mandatory encryption law Doug Markiewicz (Oct 20)
- Re: Nevada's mandatory encryption law David Shettler (Oct 20)
- Re: Nevada's mandatory encryption law Allison Dolan (Oct 20)