LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Raindrip: Sort of- Jan 2010 Nevada Law re: Encryption
From:	David Gaynon <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Wed, 5 May 2010 08:06:06 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (47 lines)

A few references in follow-up to Larry's post

First the bill in Nevada.

http://www.leg.state.nv.us/75th2009/Bills/SB/SB227_EN.pdf

Second an interesting article on this
http://www.infolawgroup.com/2010/03/articles/nevada-security-of-personal-in/a-closer-look-at-the-pci-compliance-and-encryption-requirements-of-nevadas-security-of-personal-information-law/

Third a reference to PCI standards mentioned in the bill.  There is a minimum 1 year retention requirement for audit trail history with 3 months kept available on line.

https://www.pcisecuritystandards.org/docs/pci_audit_procedures_v1-1.doc 


David B. Gaynon
[log in to unmask]
Huntington Beach CA, USA

-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf Of Larry Medina
Sent: Wednesday, May 05, 2010 7:19 AM
To: [log in to unmask]
Subject: Raindrip: Sort of- Jan 2010 Nevada Law re: Encryption

I received an e-mail offering a web based training module to assist with achieving compliance with NV SB 227 requiring "encryption of data in
electronic form in storage or transit".   (see summary below)

I'm curious if anyone on the List who operates in NV or has to manage data belonging to residents of NV is involved in compliance with this legislation and if so, what are you doing about data managed on your behalf by third parties or any possible 'cloud type' storage?  Also would REALLY like to hear who is doing what about cell phones that may include data that meets this definition.

Larry
[log in to unmask]



Nevada's Senate Bill No. 227 which came into effect on January 1, 2010, brings a surprising degree of specificity to defining encryption; encryption is the "protection of data in electronic or optimal form, in storage or in transit". Further, the law specifies two aspects of encryption: the technology used in a particular encryption product, and cryptographic keys and, it forbids the transfer of personal information or of a data storage device containing personal information, unless appropriate steps have been taken to encrypt that data, as defined by the legislation. The legislation also details security devices that must use encryption, including cell phones, computers, computer drives and magnetic tape. 
 
Although the legislation contains elements that will be familiar to organizations already following a comprehensive security framework, compliance with PCI DSS, HIPAA, GBLA and FISMA does not necessarily equate to compliance with SB 227. 

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US