How to Comply with Nevada's New Data Protection Law - NRS 603A


The new Nevada Data Protection law, NRS 603A (passed as SB 227), is unique in several ways. It is the first state data protection law to provide a “safe harbor” for merchants who are fully PCI-compliant, and provides further protection for organizations that use NIST-compliant encryption to protect personal information. As Catherine Cortez Masto, State Attorney General, put it: Nevada offers a deal both companies and government agencies are unlikely to refuse – encrypt personal data sent electronically and data residing on laptops outside your controlled premises, and you avoid liability if that encrypted data is lost or improperly accessed.