A Nevada law requiring encryption of customer personal information went into effect on October 1, 2008. See Nev. Rev. Stat. § 597.970. The legislation is short but potentially wide-ranging in scope.
NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 2008.]
1. A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission.
2. As used in this section:
(a) “Encryption” has the meaning ascribed to it in NRS 205.4742.
(b) “Personal information” has the meaning ascribed to it in NRS 603A.040.
(Added to NRS by 2005, 2506, effective October 1, 2008)
What Is Personal Information?
Nevada law defines “personal information” to mean:
natural person’s first name or first initial and last name in combination with the person’s: social security number; driver’s license number or identification card number; and/or account, credit or debit card number in combination with any security code, access code, or password that would permit access to the person’s financial account.
Nev. Rev. Stat. § 603A.040. Natural person is not limited to Nevada residents.
What is Encryption?
Encryption means
the use of any protective or disruptive measure, including, without limitation, cryptography, enciphering, encoding or a computer contaminant, to:
(Added to NRS by 1999, 2704)
1. Prevent, impede, delay or disrupt access to any data, information, image, program, signal or sound;
2. Cause or make any data, information, image, program, signal or sound unintelligible or unusable; or
3. Prevent, impede, delay or disrupt the normal operation or use of any component, device, equipment, system or network.
Nev. Rev. Stat. § 205.4742 (2007).