Nevada Amends Personal Data Provisions
The state of Nevada has updated its provisions regarding the collection of personal information. Provisions in Senate bill 302 range from effective immediately to effective as of January 1, 2021.
Government Agencies
Section 1 of the bill has added a provision concerning governmental agencies acting as data collectors. Government agencies which collect and maintain records containing personal information of a Nevada resident must comply with the current version of the CIS Controls as published by the Center for Internet Security, Inc. or corresponding standards used by the National Institute of Standards and Technology of the United States Department of Commerce.
List of Controls
The Office of Information Security of the Division of Enterprise Information Technology Services of the Department of Administration is required to create and maintain a list of controls and standards to be adhered to by the State pursuant to any federal laws or regulations. This list must be made available to the public.
Electronic Waste
The bill also adds that the Legislative Counsel Bureau, all state agencies, all school districts, and all courts of justice within the State are required to permanently remove any data stored on electronic waste prior to disposal of said waste. “Electronic waste” is defined as electronic equipment that for any reason has entered the waste collection, recovery, treatment, processing, or recycling system.
Audit Reports
The Legislative Auditor’s audit reports must not contain any information that the he or she determines could potentially expose the State to a breach of security. If the Legislative Auditor discovers such information in the course of an audit, he or she must report the vulnerability immediately to the Governor, the Chair of the Legislative Commission, the Chair of the Audit Subcommittee, and the head of the affected agency.
For the full text of Senate bill 302, please refer to https://legiscan.com/NV/text/SB302/id/2028529/Nevada-2019-SB302-Enrolled.pdf.
Elizabeth Dailey, JD, is a Regulatory Compliance Director with CLA. She is a graduate of the University of New Hampshire and earned her juris doctor at New England Law. She is admitted to the Massachusetts Bar.
Comments are closed.