A Nevada law goes into effect Oct. 1 requiring encryption whenever any personal customer data is transmitted electronically in any form other than a fax. It's the first state to pass such a law, according to Privacy and Security Law Blog.
It sounds like a good thing. But the law defines only the words "personal information" and "encryption," according to law firm Hunton and Williams, leaving unclear who qualifies as a business in the state, a "customer"and what falls under "electronic transmission." Breaking the law is a misdemeanor, though it calls for no penalties.
Baseline's Don Sears quotes Las Vegas-based attorney Bryce K. Earl saying the definition of "encryption" also is too broad. He expects the Legislature to rewrite the law to be more specific when it meets next year.