When you do business across state borders, you increase the number of security issues your business needs to be concerned with. You are bound not only by federal law and your own state’s laws; you and any vendors or partners are also bound by the laws of the state where your clients do business and reside. In 2015, Nevada revised its laws regarding the security of personal information. Understanding the state’s law helps you and your business stay compliant.
What Is Personal Information in Nevada?
As of July 1, 2015, an amendment to the state’s laws on security of personal information went into effect. Under state law, any of the following can be considered personal information when combined with an individual’s first name or initial and last name:
- Social Security number.
- a driver’s license or ID card number.
- account numbers in combination with security codes that would provide access to a financial account.
- credit and debit card numbers.
- driver authorization card numbers.
- health insurance ID numbers.
- usernames or email addresses in combination with data that could provide access to an online account.
The last three items on the list were added as part of the 2015 amendment. Under Nevada law, all of this information must be encrypted to protect individuals’ privacy.
Additionally, any business that collects debit or credit card information as part of its business must comply with the most recent version of the Payment Card Industry Data Security Standard (PCI Standard). These standards are created to align with the latest security technology and best practices.
What Are the Implications of Nevada’s Laws for Businesses?
Businesses that own or license data of Nevada residents must keep all personal information safe. The broad range of categories means there are more situations in which data that is not handled securely triggers a security incident. When a data breach occurs, you will have to follow the notification processes that are required by law.
Is Nevada’s Personal Information Law Unusual?
Many states have rules and requirements for how personal data is handled. Nevada’s law was updated in 2015 to bring its requirements in line with those of stricter states. When doing business in multiple states, it is vital that you have someone on your side who understands all of the relevant laws and how best to comply with them.
How Can You Comply with Nevada’s Privacy Laws?
Proper data encryption is a must to keep personal information private and safe from breaches. You should also understand what information is exempt from encryption requirements. In Nevada, for instance, you can leave the last four digits of an ID card number, a driver’s license number or Social Security number unencrypted. This allows you and your clients to be sure you are dealing with the right account without sacrificing security.
It is also necessary to ensure that everyone who works in and with your business understands the requirements of a good security culture. This means handling data well within your organization. Educating employees can cut down on the behavior that leads to expensive breaches. A few things that can help keep data safe:
- Have a firm policy regarding smart phones and other devices. If you have a BYOD (Bring Your Own Device) policy, be sure that employees are aware of any rules about how the device can be used and what sorts of applications are allowed on devices on your organization’s network.
- Make sure that workers know how to manage information like credit cards and passwords. Passwords, for instance, should be both easy to remember and hard to guess. Difficult passwords are more likely to be written down on sticky notes or saved in online password savers, making them more vulnerable.
- Make sure that your company’s servers and routers meet the latest security standards. Keep security software up to date. Ensure that default passwords on routers are changed to secure ones.
- Enforce security protocols on all data so that everything is on a need-to-access basis. This ensures that only the people who need access to specific sensitive data are able to get to it.
What Do You Do When There’s a Breach?
Sometimes, even when you are careful, personal data is exposed in a breach. Having a response plan in place can help you minimize the damage. First, identify the source and breadth of the breach. Limit exposure by isolating the affected data. Notify staff and, if necessary, law enforcement. With the help of security experts, you should identify the steps needed to remediate the breach so that another one does not occur.
Limiting Your Exposure
The best time to consider the issue of a privacy breach is before it ever occurs. By ensuring that you understand applicable laws and how to stay compliant with them, you can cut your chances of costly and reputation-damaging data breaches.
At I.S. Partners, we have years of experience keeping businesses in compliance with privacy laws throughout the country. Need an audit and some education? Get in touch. We can help you identify what you need to know and what you need to do to stay in line with privacy laws in Nevada and throughout the country. For more information, please call us at 215-675-1400, or request a quote online.