Nevada recently enacted a new Data Protection law which replaced the previous law that was in effect for less than a year. The new law has some broad-reaching implications. The law applies to any business that has any transactions or employees located in the state, no matter where their headquarters are located and requires those businesses that accept credit cards to “comply with the current version” of the PCI DSS.
The text of the law is as follows:
"If a data collector doing business in this State accepts a
payment card in connection with a sale of goods or services, the
data collector shall comply with the current version of the
Payment Card Industry (PCI) Data Security Standard, as adopted
by the PCI Security Standards Council or its successor
organization, with respect to those transactions, not later than the
date for compliance set forth in the Payment Card Industry (PCI)
Data Security Standard or by the PCI Security Standards Council
or its successor organization."
While the law requires data encryption for personal information transmitted outside of the enterprise, it does not apply for data transmission over a secure, private communication channel for approval or processing of negotiable instruments, electronic fund transfers or similar payment methods.
Data sent over public communication links needs to be encrypted, in a secure approved manner as spelled out in the law.
The previous version of the law defined personal information as unencrypted information consisting of an individual's last name and first name (or first initial), combined with his or her Social Security number, driver's license or identification card number, or financial account number plus password or access code.
The law also states that is a business (data collector in the law's terminology) is compliant with the law, then the business shall not be liable for damages unless there is gross misconduct involved.
The Nevada law is scheduled to go into effect January 1, 2010.
The full text of the law can be found here: https://www.leg.state.nv.us/75th2009/Bills/SB/SB227_EN.pdf
Wednesday, June 24, 2009
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment