Re: Nevada's mandatory encryption law

[Jeff Holden <JHolden () MTSAC EDU>]

That's a good first step.  I am disappointed it allows an exception for 
faxing data.  A fax often sits in an unsecured area where many people may 
have access to it.  There is also the potential for miss routing a fax 
just by human error by changing just 1 number.  It could be argued that 
faxing is even more insecure than emailing the same document unencrypted. 

Thanks,
Jeff Holden, CISSP, RHCE
Manager, Network & Data Security
Mt. San Antonio College
(909) 594-5611 X5017




"Basgen, Brian" <bbasgen () PIMA EDU> 
Sent by: The EDUCAUSE Security Constituent Group Listserv 
<SECURITY () LISTSERV EDUCAUSE EDU>
10/17/2008 04:31 PM
Please respond to
The EDUCAUSE Security Constituent Group Listserv 
<SECURITY () LISTSERV EDUCAUSE EDU>


To
SECURITY () LISTSERV EDUCAUSE EDU
cc

Subject
[SECURITY] Nevada's mandatory encryption law






 FYI for anyone who hasn't seen it yet, Nevada is requiring encryption on 
electronic transfers of personal information. It seems to be a natural 
extension of the mandatory data reporting laws.

"NRS 597.970  Restrictions on transfer of personal information through 
electronic transmission. [Effective October 1, 2008.]
      1.  A business in this State shall not transfer any personal 
information of a customer through an electronic transmission other than a 
facsimile to a person outside of the secure system of the business unless 
the business uses encryption to ensure the security of electronic 
transmission.
      2.  As used in this section:
      (a) ?Encryption? has the meaning ascribed to it in NRS 205.4742.
      (b) ?Personal information? has the meaning ascribed to it in NRS 
603A.040.
      (Added to NRS by 2005, 2506, effective October 1, 2008)

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College