|Chapter 630A – Security of Personal Information|
|CITATION||Nev. Rev. Stat. §§ 603A.010 et seq.|
The law requires a business that maintains records which contain personal information of a Nevada resident must implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification or disclosure. Businesses that disclose personal information must require the person to whom the information is disclosed to implement and maintain reasonable security measures to prevent personal information from unauthorized access, acquisition, destruction, use, modification or disclosure.
Businesses that accept credit cards for transactions must comply with the requirements of the Payment Card Industry’s PCI Data Security Standard.
The Act requires the use of encryption if personal information is to be transmitted outside of a secure system or moved outside of the secure system. These requirements do not apply to telecommunication providers acting solely in the role of conveying the communication.
The law covers ‘Personal Information’ which means a natural person’s first name or first initial and last name in combination with any one or more of the following data elements, when the name and data elements are not encrypted:
|INDUSTRY||All “Data Collectors” which is defined as any governmental agency, institution of higher education, corporation, financial institution or retail operator or any other type of business entity or association that, for any purpose, whether by automated collection or otherwise, handles, collects, disseminates or otherwise deals with nonpublic personal information.|
|PENALTIES||A court can order the person who violated the Act to pay restitution to the data collector. The individual’s whose data was breached does not have a right of action to pursue recovery of damages. Additionally, the Attorney General may bring an action for injunction to prohibit a violation.|