On May 13, 2015, Nevada Governor Brian Sandoval (R-NV) signed into law A.B. 179 (the “Bill”), which expands the definition of “personal information” in the state’s data security law. The law takes effect on July 1, 2015. Under the Bill, personal information now includes:
- a “user name, unique identifier or electronic mail address in combination with a password, access code, or security question and answer that would permit access to an online account;”
- a medical identification or health insurance identification number; and
- a driver authorization card number.
In addition, although Nevada’s data security law previously excluded “publicly available information. . . lawfully made available to the general public” from the definition of personal information, the Bill narrows the scope of that exclusion, limiting it to information available “from federal, state or local governmental records.”