Nevada Law Updates Definition of Personal Information

As we will learn later this semester, Nevada has been on the front lines of creating law that protects personal information, requires encryption of credit card data, and adoption of PCI-DSS standards into law.  Now they have adjusted their laws again to reflect technological changes in personal information.  Nevada Governor Sandoval recently signed into law A.B. 179, which expands the definition of “Personal Information (PI)” in the state’s famous data security law. The law will take effect on July 1, 2015. Under the new law, PI now includes:

  • A “user name, unique identifier or electronic mail address in combination with a password, access code, or security question and answer that would permit access to an online account;”
  • A medical identification or health insurance identification number; and
  • A driver authorization card number.

In addition, although Nevada’s data security law previously excluded “publicly available information…lawfully made available to the general public” from the definition of PI, the new law narrows the scope of that exclusion, limiting it to information available “from federal, state or local governmental records.”


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s