As of October 1, the state of Nevada requires the encryption of all transmissions, such as e-mail, for all businesses that send personal, identifiable information over the Internet. Violations are criminal misdemeanors.
Its all in Title 52 – Trade Regulations and Practices, Chapter 597 – Miscellaneous Trade Regulations and Prohibited Acts. The Nevada law states:
"A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission."
As with any new law, this one could be bound to catch many Nevada businesses off guard. The statute will affect all the law firms, hotels, resorts, golf courses, nightclubs, check cashing companies, ski lodges and small businesses which incorporate in the tax-friendly state. Nevada is the Wests version of Delaware.
Lawyer Bryce K. Earl, a Las Vegas-based attorney with Santoro, Driggs, Walch, Kearney, Holley & Thompson, has been following the issue closely and believes there are some problems with the statute as it is on the books right now, namely the broad definition of encryption, the lack of coordination with industry standards and the unclear nature of penalties both criminal and civil.
"The statutes lack of specificity with regard to penalties will perhaps create the unintended consequence of opening up more liability," said Earl. He explained why the broad definition of "encryption" by the state is potentially problematic. Here is the definition from the states Web site:
NRS 205.4742 "Encryption" defined. "Encryption" means the use of any protective or disruptive measure, including, without limitation, cryptography, enciphering, encoding or a computer contaminant, to:
1. Prevent, impede, delay or disrupt access to any data, information, image, program, signal or sound;
2. Cause or make any data, information, image, program, signal or sound unintelligible or unusable; or
3. Prevent, impede, delay or disrupt the normal operation or use of any component, device, equipment, system or network.
Earl said an argument could be made that a password-protected document sent in an e-mail might be good enough to hold up with the states broad definition of encryption here. Is that good enough? Moreover, how will Nevada enforce this?
The statute was designed to stop identity theft and online criminal behavior. But once again, the legal system and the IT industry are faced with potentially bigger compliance and liability issues than they probably intended.
I can recommend an email system that has an encryption option that very easily click encrypts any attachment. Give me a call at 630.942.0977.
Read more detail on Legal News Directory – Legal MarketingLegal notice about the Nevada Law Requires Encryption of Emails with Personal Info about Clients rubric : Hukuki Net Legal News is not responsible for the privacy statements or other content from Web sites outside of the Hukuki.net site. Please refer the progenitor link to check the legal entity of this resource hereinabove.
Do you need High Quality Legal documents or forms related to Nevada Law Requires Encryption of Emails with Personal Info about Clients?