The "e" in e-mail now stands for "encrypted?"

Michele Donohue writes for The NonProfitTimes about a new Nevada (and Massachusetts) state law requiring encryption of personal information email transmissions that contain donor's credit/debit card information... 

States Push To Encrypt Donor/Client Info
Michele Donohue

Fred Schultz, CEO and founder of the Foundation for Positively Kids (FPK) in Las Vegas, deals with a lot of confidential information in his program for medically-dependent children. The organization stores names, addresses, medication, family information and donor credit card information.

A good portion of that information arrived via email. That system now must be overhauled to accommodate a new Nevada law that requires personal information transmissions to be encrypted.

“We are trying to take care of sick and dying kids -- why do I have to worry about a new Nevada encryption law?,” Schultz asked rhetorically.

Nevada is not alone. A data security measure became law on January 1 in Massachusetts and it is being talked about in several other states. FPK’s information technology (IT) support implemented a new program that would require recipients to have a password to access sensitive emails. “It’s the law, and whether it has teeth behind it or not, there has to be an effort made by nonprofits large and small to try to abide by what the new statute would be,” he said.

The Nevada law, which falls under Nevada’s Miscellaneous Trade Regulations and Prohibited Acts, states that personal information cannot be transferred through electronic transmission outside a secure system unless it’s encrypted.

Both Nevada and Massachusetts define personal information as: “a natural person’s first name or first initial and last name in combination with any one or more of the following data elements, when the name and data elements are not encrypted: (1) Social security number, (2) Driver’s license number or identification card number, and (3) Account number, credit card number or debit card number, in combination with any required security code, access code or password that would permit access to the person’s financial account.”

The Nevada statute holds organizations financially accountable for security breaches, which could include civil suits from effected parties... (continue reading at NonProfitTimes
Reblog this post [with Zemanta]

Posted by John B. Frank Tuesday, January 6, 2009

0 comments

Payments Industry News Blog

Search the PIN Debit Blog by Subject

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers