Educause Security Discussion mailing list archives
Re: Nevada's mandatory encryption law
From: Jeff Holden <JHolden () MTSAC EDU>
Date: Fri, 17 Oct 2008 17:05:25 -0700
That's a good first step. I am disappointed it allows an exception for faxing data. A fax often sits in an unsecured area where many people may have access to it. There is also the potential for miss routing a fax just by human error by changing just 1 number. It could be argued that faxing is even more insecure than emailing the same document unencrypted. Thanks, Jeff Holden, CISSP, RHCE Manager, Network & Data Security Mt. San Antonio College (909) 594-5611 X5017 "Basgen, Brian" <bbasgen () PIMA EDU> Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> 10/17/2008 04:31 PM Please respond to The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> To SECURITY () LISTSERV EDUCAUSE EDU cc Subject [SECURITY] Nevada's mandatory encryption law FYI for anyone who hasn't seen it yet, Nevada is requiring encryption on electronic transfers of personal information. It seems to be a natural extension of the mandatory data reporting laws. "NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 2008.] 1. A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission. 2. As used in this section: (a) ?Encryption? has the meaning ascribed to it in NRS 205.4742. (b) ?Personal information? has the meaning ascribed to it in NRS 603A.040. (Added to NRS by 2005, 2506, effective October 1, 2008) ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College
Current thread:
- Nevada's mandatory encryption law Basgen, Brian (Oct 17)
- <Possible follow-ups>
- Re: Nevada's mandatory encryption law Jeff Holden (Oct 17)
- Re: Nevada's mandatory encryption law Aaron Kirby (Oct 18)
- Re: Nevada's mandatory encryption law Valdis Kletnieks (Oct 20)
- Re: Nevada's mandatory encryption law Basgen, Brian (Oct 20)
- Re: Nevada's mandatory encryption law Don Nightingale (Oct 20)
- Re: Nevada's mandatory encryption law Valdis Kletnieks (Oct 20)
- Re: Nevada's mandatory encryption law Doug Markiewicz (Oct 20)
- Re: Nevada's mandatory encryption law David Shettler (Oct 20)
- Re: Nevada's mandatory encryption law Allison Dolan (Oct 20)