Educause Security Discussion mailing list archives

Re: Nevada's mandatory encryption law

From: Allison Dolan <adolan () MIT EDU>
Date: Mon, 20 Oct 2008 13:41:02 -0400

Also worth noting about Massachusetts law is that encryption doesn'tobviate the need for notification if personal information goes astray- as per a member of the Attorney General's office for enforcement.

(Massachusetts law also includes paper documents as part of theprotected info - if the US Postal service misdelivers a correctlyaddressed letter with PII, then the consumer is supposed to be notified)


Allison F. Dolan
Program Director, Personally Identifiable Information
Massachusetts Institute of Technology
77 Massachusetts Ave  NE49-3021
Cambridge MA 02139-4307
Phone: (617) 252-1461
http://mit.edu/infoprotect



On Oct 20, 2008, at 12:56 PM, Doug Markiewicz wrote:

Massachusetts seems to have a similar encryption requirement thatgoes into effect 01/01/2009. However, thats just one in a muchmore extensive list of requirements published by the Mass. Officeof Consumer Affairs and Business Regulations in support of existinglaws around the protection of personal information.
http://www.mass.gov/?pageID=ocaterminal&L=3&L0=Home&L1=Consumer&L2=Identity+Theft&sid=Eoca&b=terminalcontent&f=idtheft_201cmr17&csid=Eoca
Basgen, Brian wrote:
FYI for anyone who hasn't seen it yet, Nevada is requiringencryption on electronic transfers of personal information. Itseems to be a natural extension of the mandatory data reporting laws."NRS 597.970 Restrictions on transfer of personal informationthrough electronic transmission. [Effective October 1, 2008.]1. A business in this State shall not transfer any personalinformation of a customer through an electronic transmission otherthan a facsimile to a person outside of the secure system of thebusiness unless the business uses encryption to ensure thesecurity of electronic transmission.
      2.  As used in this section:
(a) “Encryption” has the meaning ascribed to it in NRS205.4742.(b) “Personal information” has the meaning ascribed to it inNRS 603A.040.
      (Added to NRS by 2005, 2506, effective October 1, 2008)
~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College

Current thread:

Nevada's mandatory encryption law Basgen, Brian (Oct 17)
- <Possible follow-ups>
- Re: Nevada's mandatory encryption law Jeff Holden (Oct 17)
- Re: Nevada's mandatory encryption law Aaron Kirby (Oct 18)
- Re: Nevada's mandatory encryption law Valdis Kletnieks (Oct 20)
- Re: Nevada's mandatory encryption law Basgen, Brian (Oct 20)
- Re: Nevada's mandatory encryption law Don Nightingale (Oct 20)
- Re: Nevada's mandatory encryption law Valdis Kletnieks (Oct 20)
- Re: Nevada's mandatory encryption law Doug Markiewicz (Oct 20)
- Re: Nevada's mandatory encryption law David Shettler (Oct 20)
- Re: Nevada's mandatory encryption law Allison Dolan (Oct 20)