On June 13, the Nevada Governor signed into law S.B. 267, amending the encryption requirements of the Nevada data security law. Before its amendment, the Nevada law, in pertinent part, prohibited (and continues to prohibit) a business from moving any “data storage device” containing personal information beyond the physical controls of the business or its data storage contractor, unless the information is encrypted. The term “data storage device” is broadly defined as any device that stores information from any electronic or optical medium, including, but not limited to, computers, cell phones, magnetic tape, and computer drives.
S.B. 267 amended this requirement to clarify that a business is also prohibited from moving a “multifunctional device” containing personal information beyond the physical controls of the business, its data storage contractor, or a person who has assumed the business’s obligation to protect personal information, unless the information is encrypted. In this regard, the term “multifunctional device” is defined as a machine that incorporates the functionality of devices, including, but not limited to, a printer, copier, scanner, or fax machine.