OCTOBER 16, 2008 New Data Privacy Laws Set For Firms By BEN WORTHEN
Alicia Granstedt, a Las Vegas-based hair stylist who works for private clients and on movie sets, never worried about conducting most of her business through email.
Ms. Granstedt regularly receives emails from customers containing payment details, such as credit-card numbers and bank-account transfers. Since she travels frequently, she often stores the emails on her iPhone.
But a Nevada law that took effect this month requires all businesses there to encrypt personally-identifiable customer data, including names and credit-card numbers, that are transmitted electronically.
After hearing about the new law, Ms. Granstedt started using email-encryption software, which requires her clients to enter a password to read her messages and send responses. It is a hassle, "but I can't afford to be responsible for someone having their identity stolen," she said.
Nevada is the first of several states adopting new laws that will force businesses -- from hair stylists to hospitals -- to revamp the way they protect customer data. Starting in January, Massachusetts will require businesses that collect information about that state's residents to encrypt sensitive data stored on laptop computers and other portable devices. Michigan and Washington state are considering similar regulations.