Rebecca Herold of IT Compliance has a commentary on Nevada’s new encryption law and whether the state’s data breach law makes the encryption law moot. It begins:
On May 30, 2009, Nevada enacted a new law, SB 227, which will basically replace NRS 597.970 in January 2010.
In many ways the new law is an improvement over the much more vague, and brief, NRS 597.970. I want to focus here on an improvement, but something that still leaves much to interpretation; that is, what is meant by “encryption”?
According to NRS 205.4742,
“‘Encryption’ means the use of any protective or disruptive measure, including, without limitation, cryptography, enciphering, encoding or a computer contaminant, to: 1. Prevent, impede, delay or disrupt access to any data, information, image, program, signal or sound; 2. Cause or make any data, information, image, program, signal or sound unintelligible or unusable; or 3. Prevent, impede, delay or disrupt the normal operation or use of any component, device, equipment, system or network.”
Read more on IT Compliance.