Re: Nevada's mandatory encryption law

[Doug Markiewicz <dmarkiew+educause () ANDREW CMU EDU>]

Massachusetts seems to have a similar encryption requirement that goes into effect 01/01/2009.  However, thats just one 
in a much more extensive list of requirements published by the Mass. Office of Consumer Affairs and Business 
Regulations in support of existing laws around the protection of personal information.

http://www.mass.gov/?pageID=ocaterminal&L=3&L0=Home&L1=Consumer&L2=Identity+Theft&sid=Eoca&b=terminalcontent&f=idtheft_201cmr17&csid=Eoca



Basgen, Brian wrote:
>  FYI for anyone who hasn't seen it yet, Nevada is requiring encryption on electronic transfers of personal information. 
> It seems to be a natural extension of the mandatory data reporting laws.
>
> "NRS 597.970  Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 
> 2008.]
>       1.  A business in this State shall not transfer any personal information of a customer through an electronic 
> transmission other than a facsimile to a person outside of the secure system of the business unless the business uses 
> encryption to ensure the security of electronic transmission.
>       2.  As used in this section:
>       (a) “Encryption” has the meaning ascribed to it in NRS 205.4742.
>       (b) “Personal information” has the meaning ascribed to it in NRS 603A.040.
>       (Added to NRS by 2005, 2506, effective October 1, 2008)
>
> ~~~~~~~~~~~~~~~~~~
> Brian Basgen
> Information Security
> Pima Community College