Monday, September 22, 2008

Nevada Businesses Must Start Encrypting E-Mail By Oct. 1st

Slashdot notes an article about a looming deadline on e-mail encryption in the state of Nevada. All transmissions, i.e. e-mail, for all businesses that send personal, identifiable information over the Internet must be encrypted starting October 1st of this year.

The statute was signed into law in 2005 and reads as follows:
NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 2008.]

1. A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission.
Bryce K. Earl, a Las Vegas-based attorney, has been following the issue closely and believes there are some problems with the statute as it is currently written, including opening up all kinds of unintentional liability issues.

For full write-up, see Baseline.