Nevada Data Protection & Privacy Regulations

Published in: Technology, News & Politics
  • Legal Disclaimer: This webinar is intended to provide information, not legal opinion or legal advice. You should contact your own legal counsel for professional advice regarding this statute and its implications for you.
  • Nevada Data Protection & Privacy Regulations

    1. How to be Compliant with Nevada Data Privacy Laws
       • Thursday, September 10th, 2009, 11.30am – 12.00am PDT
       • Alex Teu – Director of Education
    2. Nev. Rev. Stat. § 603A.220
       • Nevada breach notification law
       • Effective since October 1, 2005
       • 45 states have passed data breach notification laws
       • Only states with no security breach law: Alabama, Kentucky, Mississippi, New Mexico and South Dakota
    3. What is it about?
       • “Breach” – An unauthorized acquisition of computerized data that materially compromises the security, confidentiality, or integrity of PI maintained by Entity
       • “Personal Information” – An individual's first name or first initial and last name in combination with any one or more of the following data elements, when the name and data elements are not encrypted:
           • SSN;
           • Driver's license number or ID card number;
           • Bank account number, credit or debit card number.
       • PI does not include the last four digits of a SSN or publicly available information that is lawfully made available to the general public.
    4. What you need to do?
       • Provide written notice to the affected customer
       • How soon? “Most expedient time possible and without unreasonable delay”
       • Notify consumer reporting agencies if you need to provide notice to more than 1000 consumers
       • Why would you want to comply?
       • Attorney General may bring an action to stop a continuing or impending violation
       • Potential embarrassment and media coverage of data breach
       • Business reputation
    5. Nev. Rev. Stat. § 597.970
       • Effective January 1, 2008
       • “A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission.”
       • Nevada is the first state to mandate encryption.
       • This means that you are in violation merely by transmitting customer information in an unencrypted format, even if there is no actual breach of customer information.
    6. Nev. Senate Bill 227
       • Effective January 1, 2010
       • New requirement: Nevada businesses must use encryption when data storage devices that contain PI are moved beyond the physical or logical controls of the business.
       • A “data storage device” is any device that stores information in electronic or optical medium. This includes, but is not limited to, computers, cellular phones, and thumb drives.
       • The new law also mandates compliance with the Payment Card Industry Data Security Standard (“PCI DSS”) for businesses that accept payment cards.
       • The new law expands the original encryption requirement to both customer and non-customer personal information.
       • The law creates a potential safe harbor against liability for damages resulting from a security breach unless resulting from gross negligence or intentional misconduct.
    7. Best Practices & Preventive Steps
       • Use encrypted transfer methods when transmitting electronic information… email is NOT secure
       • Track all access to private data! Always know who accessed your data, what was accessed and when it was accessed.
       • Protect physical data wherever located
       • Protect your network
       • Manage user profiles
       • Select reliable solution vendors
       • Train your staff on security guidelines
    8. Bullet Proof Security
       • Audit trail tracking
       • SAS 70 Type II certified
       • Document expiration controls
       • Authentication options
       • End-to-end encryption
    9. Thank you for attending our webinar!
       • Contact us for additional information: [email_address] [email_address] 1.888.716.9380 www.leapfile.com
       • Free resources available for download: www.leapfile.com/accounting
