Protecting Knowledge

In a week and a day, Nevada steps up with a new law requiring encryption of electronically transmitted personal information. NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 2008.]

1. A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission. Leaving the discussion of the technical and legal aspects of this new law to others, I find this new law refreshing in a number of ways. Lawyers and regulators love to ramble about protecting clients' knowledge but balked when it comes to actually imposing defined methods and duties. Where state bars and courts soft-peddle the duty, the State of Nevada has taken a much stronger stance. More importantly, this new law recognizes the unsecure nature of the Internet and looks at knowledge (personal information in this case) as an asset to be protected. I like this angle. We talk about KM but do not usually recognize that the "M" is management and good management means good protection. I predict the Nevada law will see various challenges in the near future, but welcome dialogue on this vital KM issue.

Bookmark and Share


Greg Lambert said...

There has been a push for this type of protection of data by local, state and federal governments for at least 12 years now. To bastardize a saying by Andrew Jackson... they've made the law, now let's see them enforce it!

Greg Lambert said...

Article by Proskauer Rose:

Leaving Las Vegas . . . IF Encrypted
[view article]

A Nevada law requiring encryption of customer personal information goes into effect on October 1, 2008. See Nev. Rev. Stat. § 597.970 (2007). While the legislation is short in length, it is potentially wide-ranging in scope.
In particular, the legislation requires any "business in this State" to encrypt an electronic transmission (other than via facsimile) of "any personal information of a customer" to "a person outside of the secure system of the business unless the business uses encryption to ensure the security of the electronic transmission." Id.

Toby Brown said...

I'm looking forward to lawyers figuring out this will up their duty to protect client information in electronic transmissions.



© 2014, All Rights Reserved.