Nevada Revised Statute 597.970 - Security of Personal Information

Nevada laws now require any governmental agency, institution of higher education, corporation, financial institution or retail operator or any other type of business entity or association that, for any purpose, whether by automated collection or otherwise, handles, collects, disseminates or otherwise deals with nonpublic "personal information" of a resident of Nevada shall implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification or disclosure.

On the legal side, companies may be uncertain regarding the meaning of specific terms in the statute and the consequences for violating the statute.

Basically, NRS 597.970 requires the encryption of personally identifiable information over electronic transmissions.

The statute reads:
“A business in the state shall not transfer any personal information of a customer through an electronic transmission, other than a facsimile, to a person outside of the secure system in the business unless the business uses encryption to ensure the security of electronic transmission.”

The statute further defines “personal information” and “encryption,” but leaves other terms undefined, such as “facsimile,” “secure system,” “ensure the security” and even “electronic transmission.”

With respect to the primary exception of “facsimile,” given the prevalent convergence of traditional paper fax machines with electronic systems, at what point does a “facsimile” become a violation of the statute? For example, is it a violation if a “facsimile” is sent: (a) from a computer rather than feeding paper through a separate fax machine or (b) from a traditional fax machine, but received by a system that automatically converts the document to a TIFF or PDF file attached as an e-mail? The undefined word “facsimile” represents a gray area in which a business might violate the statute without meaning to do so.

To comply with NRS 597.970, many companies resort to secure email systems, either hosted or in-house only to find that this greatly increases cost, is a burden to use and is an annoyance for your clients. And worse, if you need to send an email with a file attachment larger than 5 megabytes, secure email still imposes the same 5 megabyte limitation that you have in your regular email system.

To keep your cost low, your clients happy and to provide immediate delivery of data while complying with NRS 597.970, EasyDocEx offers a turnkey solution providing immediate compliance with Nevada's NRS 597.970. Our state of the art, fully redundant high speed Managed File Transfer (MFT) and Secure Data System provides a secure data portal for your employees, clients and partners to access or exchange mission critical data while transferring or storing data on our 256bit, fully encrypted data network. 

EasyDocEx combines cutting-edge security technology, best practices and a team of certified senior-level professionals to help ensure that security. Using state-of-the-art traffic profiling and anomaly detection capabilities, we manage and secure our networks, pinpoint and troubleshoot network attacks, monitor our servers and applications, and analyze network security performance issues. Multiple levels of security (known as Defense in Depth) allow elevated levels of control for maintenance personnel without compromising security—including private network circuits for systems management and data and duplication for disaster recovery.

EasyDocEx utilizes Secure Socket Layer protocol (SSL) with 256-bit encryption to protect personal information sent or received through our EasyDocEx system and complies with the Federal Information Process Standard 140-2, Security Requirements for Cryptographic Modules. This protocol is supported in the latest versions of the most popular web browsers, such as Firefox 3.0 and Microsoft's Internet Explorer. To assure that all web browsers provide the greatest level of security, EasyDocEx utilizes Server Gated Cryptography (SGC). Server Gated Cryptography provides the ability to 'up-rate' older browsers that are only capable of weak, 40-bit and 128-bit encryption to ultra-secure 256-bit encryption.