How to Comply with Nevada's New Data Protection Law - NRS 603A
21 January 2010
The new Nevada Data Protection law, NRS 603A (passed as SB 227), is unique in several ways. It is the first state data protection law to provide a “safe harbor” for merchants who are fully PCI-compliant, and provides further protection for organizations that use NIST-compliant encryption to protect personal information. As Catherine Cortez Masto, State Attorney General, put it: Nevada offers a deal both companies and government agencies are unlikely to refuse – encrypt personal data sent electronically and data residing on laptops outside your controlled premises, and you avoid liability if that encrypted data is lost or improperly accessed.