Nevada Law Requires Businesses to Encrypt Personal Information; Compliance with PCI Data Security Standard

On May 29, Nevada Governor James A. Gibbons signed SB 227, a bill that requires Nevada data collectors to encrypt “personal information” that is moved or electronically transferred to an outside party. If such encryption is in place, a company is shielded from liability resulting from a data breach, except in cases of gross negligence or intentional misconduct. The bill further requires data collectors that accept debit or credit cards to comply with the current Payment Card Industry Data Security Standard. The bill becomes effective January 1, 2010.