I received an e-mail offering a web based training module to assist with
achieving compliance with NV SB 227 requiring "encryption of data in
electronic form in storage or transit".   (see summary below)

I'm curious if anyone on the List who operates in NV or has to manage data
belonging to residents of NV is involved in compliance with this legislation
and if so, what are you doing about data managed on your behalf by third
parties or any possible 'cloud type' storage?  Also would REALLY like to
hear who is doing what about cell phones that may include data that meets
this definition.

Larry
[log in to unmask]



Nevada's Senate Bill No. 227 which came into effect on January 1, 2010,
brings a surprising degree of specificity to defining encryption; encryption
is the "protection of data in electronic or optimal form, in storage or in
transit". Further, the law specifies two aspects of encryption: the
technology used in a particular encryption product, and cryptographic keys
and, it forbids the transfer of personal information or of a data storage
device containing personal information, unless appropriate steps have been
taken to encrypt that data, as defined by the legislation. The legislation
also details security devices that must use encryption, including cell
phones, computers, computer drives and magnetic tape. 
 
Although the legislation contains elements that will be familiar to
organizations already following a comprehensive security framework,
compliance with PCI DSS, HIPAA, GBLA and FISMA does not necessarily equate
to compliance with SB 227. 

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]