Even though a company has not experienced an unauthorized access or acquisition of its customer information (and thus has not been subject to Nevada’s breach notification law), in 2008 merely transmitting customer information in an unencrypted format may violate a separate Nevada data security law.
Nevada has enacted a data security law that mandates encryption for the transmission of personal information (see Nev. Rev. Stat. § 597.970 (2005)). Specifically, the Nevada encryption statute generally prohibits a business in Nevada from transferring “any personal information of a customer through an electronic transmission,” except via facsimile, “unless the business uses encryption to ensure the security of electronic transmission.”[1] The Nevada encryption law goes into effect on October 1, 2008.
Please see full publication below for more information.