Learn more about the requirements of Nevada's new law - SB 227 and how you can be compliant with the latest data protection regulation, register for our free webinar on Thursday, Sept 10th at 11.30am PST.

As of Jan 1st, 2010 Nevada’s new electronic encryption law SB 227 will come into effect, replacing the existing law NRS 597.970. The new law will continue to require encryption to protect personal information that is “either transmitted electronically or contained on a data storage device that is moved beyond the controls of the data collector”.

Under this new law, section 3 (a) states that data storage device includes: any electronic or optical medium, including but not limited to, computers, cellular telephones, magnetic tape, electronic computer drives and optical computer drives. This means if you have client’s personal information stored on your laptop, smart phone, PDA or any other device, all the information on those devices will need proper encryption.

SB 227 also further defines “encryption” beyond the vague statement in which the existing law states that the data needs to be an unintelligible form without clarification. SB 227 defines “encryption” to mean the protection of data in electronic or optical form, in both storage and transit by adopting (1) “an encryption technology that has been adopted by an established standards setting body” and also require (2) “appropriate management and safe guards or cryptographic keys to protect the integrity of encryption using guidelines promulgated by an established setting body, including, but not limited to, the NIST”. The new law also mandates compliance with Payment Card Industry Data Security Standard (PCI DSS) for businesses that accept credit cards.

Read the full text of Nevada SB 227 here.