Tag Archives: Nevada

PCI Data Security Standards Council Provides Cloud Compliance Guidelines

Posted on June 21, 2011 by Hunton & Williams LLP

On June 14, 2011, the PCI Security Standards Council’s Virtualization Special Interest Group published its “Information Supplement: PCI DSS Virtualization Guidelines”(the “Guidelines”) to Version 2.0 of the PCI Data Security Standard (“PCI DSS”).  The Guidelines provide context for the application of the PCI DSS to cloud and other virtual environments, and offer at least three critical reminders:

  • the PCI DSS applies to cloud environments without exception; 
  • critical analysis of the application of the PCI DSS to rapidly evolving cloud offerings is essential to compliance; and
  • cloud providers must be prepared to document and contract for necessary controls.

Continue reading…

Tags: , , , ,

States Attempt to Address Privacy Risks Associated with Digital Copiers and Electronic Waste

Posted on April 1, 2011 by Hunton & Williams LLP

As reported in BNA’s Privacy Law Watch, on April 1, 2011, a New York law went in effect requiring manufacturers of certain electronic equipment, including devices that have hard drives capable of storing personal information or other confidential data, to register with the Department of Environmental Conservation and maintain an electronic waste acceptance program.  The program must include convenient methods for consumers to return electronic waste to the manufacturer and instructions on how consumers can destroy data on the devices before recycling or disposing of them.  Retailers of covered electronic equipment will be required to provide consumers with information at the point of sale about opportunities offered by manufacturers for the return of electronic waste, to the extent they have been provided such information by the manufacturer. 

Continue reading…

Tags: , , , , , , , ,

Nevada and New Hampshire Data Security and Privacy Laws Take Effect

Posted on January 6, 2010 by Hunton & Williams LLP

On January 1, 2010, two important state data security and privacy laws took effect in Nevada and New Hampshire.  The laws create new obligations for most companies that do business in Nevada and for health care providers and business associates in New Hampshire.

Continue reading…

Tags: , , , , , ,

Nevada Updates Encryption Law and Mandates PCI DSS Compliance

Posted on June 17, 2009 by Hunton & Williams LLP

As of January 1, 2010, Nevada law will require businesses to use encryption when data storage devices that contain personal information are moved beyond the physical or logical controls of the business, in addition to continuing to require that personal information be encrypted if it is transferred outside the secure system of the business. The new law repeals the existing Nevada encryption law, which will remain in effect until January 1, 2010. (For more information on the existing Nevada encryption law, please see our previous Client Alert.) The new law also mandates compliance with the Payment Card Industry Data Security Standard (“PCI DSS”) for businesses that accept payment cards. The law applies to organizations doing business in Nevada and provides that compliance will shield such businesses from liability for damages from a security breach.  To read more, click here.

Tags: , , ,