In a week and a day, Nevada steps up with a new law requiring encryption of electronically transmitted personal information.
NRS 597.970 Restrictions on transfer of personal information through electronic transmission.
[Effective October 1, 2008.] 1. A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission.
Leaving the discussion of the technical and legal aspects of this new law to others, I find this new law refreshing in a number of ways. Lawyers and regulators love to ramble about protecting clients’ knowledge but balked when it comes to actually imposing defined methods and duties. Where state bars and courts soft-peddle the duty, the State of Nevada has taken a much stronger stance.
More importantly, this new law recognizes the unsecure nature of the Internet and looks at knowledge (personal information in this case) as an asset to be protected. I like this angle. We talk about KM but do not usually recognize that the “M” is management and good management means good protection.
I predict the Nevada law will see various challenges in the near future, but welcome dialogue on this vital KM issue.