Security laws, regulations and guidelines directory

By CSO staff, CSO |  Security, privacy, regulation

What it covers: In January 2010, Nevada was the first state to enact a data security law that mandates encryption for customers' stored and transported personal information.


Who is affected: Businesses that collect and retain personal information of Nevada residents.

Link to the law: http://www.leg.state.nv.us/nrs/nrs-603a.html

Key requirements/provisions: The law contains the following requirements:

* Data collectors that accept payment cards must comply with the current version of PCI DSS (see above).

* Businesses must encrypt any personal information that is electronically transmitted outside the business's secure system.

* Businesses must encrypt any personal information stored on a device (computer, phone, magnetic tape, flash drive, etc.) that is moved beyond the logical or physical controls of the data collector or its data storage contractor.

* Businesses are not liable for damages arising from a security breach if they are in compliance with the law and the breach was not caused by gross negligence or intentional misconduct.

Source: State of Nevada, Paul Mudgett

Section four: Selected international security and privacy laws

Personal Information Protection and Electronic Documents Act (PIPED Act, or PIPEDA)--Canada

What it covers: This Canadian privacy law governs how public and private organizations collect, use and disclose personal information in the course of business. It went into effect in January 2001 for federally regulated organizations and in January 2004 for all others.

In May 2010, Bill C-29 introduced numerous amendments to PIPEDA, involving exceptions for the use and disclosure of personal information without consent and further requirements for business transactions.

Who is affected: All private-sector companies doing business in Canada.

Link to the law: http://www2.parl.gc.ca/HousePublications/Publication.aspx?pub=bill&doc=c...

Bill C-29 amendments: http://www2.parl.gc.ca/HousePublications/Publication.aspx?Docid=4547739&

Key requirements/provisions: PIPEDA establishes 10 principles to govern the collection, use and disclosure of personal information:

1. Accountability

2. Identifying Purposes

3. Consent

4. Limiting Collection

5. Limiting Use, Disclosure and Retention

6. Accuracy


Originally published on CSO.