Nevada Encryption Law Protects Against Identity Theft
Researchers at Carnegie Mellon University related in their September study that breach-notification laws have only reduced identity theft by about 2%. This is a pretty alarming statistic, considering more than 40 states have adopted the law. Now, Nevada legislation is working to nudge that statistic up a bit with its newly enforced data encryption law.
According to Ben Worthen’s article in the Wall Street Journal, Nevada is the first state (Michigan, Massachusetts and Washington plan to follow suit) to adopt laws that will force businesses “to revamp the way they protect customer data.” The law requires all businesses to encrypt personally identifiable customer data that are transmitted electronically.
However, this law does not just affect Nevada businesses. It spiderwebs out to all out-of-state companies with operations or customers in the state. National Life Group, based in Montpelier, Vermont, is one of thousands of companies that are scrutinizing the new law. Information Security Officer Andrew Spiers told WSJ, “We do business in all 50 states so we’re definitely reviewing [the new security laws].”
Though some companies are frowning upon this addition — which is going to be quite costly (especially in the country’s current financial crisis) –others are nodding to the money that this new law will save them in legal fees. The law dictates that all companies with the encryption in use are only liable for up to $1,000 in damages to each customer involved in a data breach. Without encryption, companies are liable for any potential lawsuits, including the added charge of negligence since they failed to cooperate with the newly passed law. In the long run, having the new data encryption can save billions of dollars in legal fees, though up front it will be slightly costly.
The Massachusetts state government estimates that a business with 10 employees will need to spend up to $3,000 starting out, and another $500 a month to comply with the encryption law. Larger companies assess costs to be the same per employee.
While they’re still on the data security subject, it would be wise to add a service like the laptop tracking provided by MyLaptopGPS — because despite encryption policies, laptops will inevitably be stolen. It’s better to have the encrypted data back in the right hands than floating around cyberspace somewhere with no way to recover it.
So, Nevada… think about that little addition.
Tags: Carnegie Mellon University, data breach, data encryption, laptop security, MyLaptopGPS, National Life Group, Nevada, Wall Street Journal
