Nevada

The law requires a business that maintains records which contain personal information of a Nevada resident must implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification or disclosure. Businesses that disclose personal information must require the person to whom the information is disclosed to implement and maintain reasonable security measures to prevent personal information from unauthorized access, acquisition, destruction, use, modification or disclosure.

Businesses that accept credit cards for transactions must comply with the requirements of the Payment Card Industry’s PCI Data Security Standard.

The Act requires the use of encryption if personal information is to be transmitted outside of a secure system or moved outside of the secure system. These requirements do not apply to telecommunication providers acting solely in the role of conveying the communication.

The law covers ‘Personal Information’ which means a natural person’s first name or first initial and last name in combination with any one or more of the following data elements, when the name and data elements are not encrypted:

1. Social Security number;
2. Driver’s license number or identification card number; and
3. Account number, credit card number, in combination with any required security code, access code or password that would permit access to the person’s financial account.
4. Note that personal information does not include the last 4 digits of a social security number or information that is publicly available.