Educause Security Discussion mailing list archives
Re: Nevada's mandatory encryption law
From: Allison Dolan <adolan () MIT EDU>
Date: Mon, 20 Oct 2008 13:41:02 -0400
Also worth noting about Massachusetts law is that encryption doesn't obviate the need for notification if personal information goes astray - as per a member of the Attorney General's office for enforcement.
(Massachusetts law also includes paper documents as part of the protected info - if the US Postal service misdelivers a correctly addressed letter with PII, then the consumer is supposed to be notified)
Allison F. Dolan Program Director, Personally Identifiable Information Massachusetts Institute of Technology 77 Massachusetts Ave NE49-3021 Cambridge MA 02139-4307 Phone: (617) 252-1461 http://mit.edu/infoprotect On Oct 20, 2008, at 12:56 PM, Doug Markiewicz wrote:
Massachusetts seems to have a similar encryption requirement that goes into effect 01/01/2009. However, thats just one in a much more extensive list of requirements published by the Mass. Office of Consumer Affairs and Business Regulations in support of existing laws around the protection of personal information.http://www.mass.gov/? pageID=ocaterminal&L=3&L0=Home&L1=Consumer&L2=Identity +Theft&sid=Eoca&b=terminalcontent&f=idtheft_201cmr17&csid=EocaBasgen, Brian wrote:FYI for anyone who hasn't seen it yet, Nevada is requiring encryption on electronic transfers of personal information. It seems to be a natural extension of the mandatory data reporting laws. "NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 2008.] 1. A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission.2. As used in this section:(a) “Encryption” has the meaning ascribed to it in NRS 205.4742. (b) “Personal information” has the meaning ascribed to it in NRS 603A.040.(Added to NRS by 2005, 2506, effective October 1, 2008) ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College
Current thread:
- Nevada's mandatory encryption law Basgen, Brian (Oct 17)
- <Possible follow-ups>
- Re: Nevada's mandatory encryption law Jeff Holden (Oct 17)
- Re: Nevada's mandatory encryption law Aaron Kirby (Oct 18)
- Re: Nevada's mandatory encryption law Valdis Kletnieks (Oct 20)
- Re: Nevada's mandatory encryption law Basgen, Brian (Oct 20)
- Re: Nevada's mandatory encryption law Don Nightingale (Oct 20)
- Re: Nevada's mandatory encryption law Valdis Kletnieks (Oct 20)
- Re: Nevada's mandatory encryption law Doug Markiewicz (Oct 20)
- Re: Nevada's mandatory encryption law David Shettler (Oct 20)
- Re: Nevada's mandatory encryption law Allison Dolan (Oct 20)