Last year, Nevada passed one of the most onerous technology mandates we’ve seen to date. NetChoice listed the bill among its top ten worst proposals in our inaugural iAWFUL list (June 2009), but to no avail. This time, we hope to repeal the law.
Nevada law now thinks that encryption is the answer…for everything! Yet one-size-fits-all mandates have government in an inappropriate role of mandating one technology over another. The result is technology lock-in and burdensome compliance on small businesses.
The law requires companies to comply with the current version of the Payment Card Industry (PCI) Data Security Standard. It also imposes a hard encryption mandate that forces businesses to implement encryption technology that has been adopted by an established standards setting body. It prohibits any business from (1) transmitting personal information outside of the secure system of the business or (2) moving any data storage device beyond the logical or physical boundaries of the business, unless secured by encryption.
What’s wrong? Privacy legislation that sets information collection defaults will harm the growth of online commerce.
