1. A data collector that maintains records which contain personal information of a resident of this State shall implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification or disclosure.
2. If a data collector is a governmental agency and maintains records which contain personal information of a resident of this State, the data collector shall, to the extent practicable, with respect to the collection, dissemination and maintenance of those records, comply with the current version of the CIS Controls as published by the Center for Internet Security, Inc. or its successor organization, or corresponding standards adopted by the National Institute of Standards and Technology of the United States Department of Commerce.
3. A contract for the disclosure of the personal information of a resident of this State which is maintained by a data collector must include a provision requiring the person to whom the information is disclosed to implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification or disclosure.
4. If a state or federal law requires a data collector to provide greater protection to records that contain personal information of a resident of this State which are maintained by the data collector and the data collector is in compliance with the provisions of that state or federal law, the data collector shall be deemed to be in compliance with the provisions of this section.
5. The Office of Information Security of the Division of Enterprise Information Technology Services of the Department of Administration shall create, maintain and make available to the public a list of controls and standards with which the State is required to comply pursuant to any federal law, regulation or framework that also satisfy the controls and standards set forth in subsection 2.
(Added to NRS by 2005, 2504; A 2019, 2574)
Structure Nevada Revised Statutes
Chapter 603A - Security and Privacy of Personal Information
NRS 603A.210 - Security measures.