The state of Nevada is going all in. By January 1, 2010, every payment card-accepting business in the state of Nevada will be required to comply with PCI DSS regulations. Nevada is the first state to mandate PCI compliance, trumping Massachusetts, the former data security leader in the US (as far as laws are concerned).
This legislation is more of a statement than an actual change as far as companies accepting credit cards are concerned; all businesses accepting payment card transactions are already required to comply with PCI DSS regulations, and can be fined by PCI if regulations are not adhered to. Conversely, the state of Nevada has made no remarks about penalties that would be incurred if its new PCI law is broken.
The group most affected by this legislation will be companies dealing with non-credit card personal data, such as Social Security numbers, driver's license numbers, and account numbers in combination with passwords. The new law includes encryption requirements for transfers of these types of personal information outside of a company's control, though some form of those requirements existed prior to the new legislation.



