Cybersecurity statutes (background)
In plain terms. Nevada governs state information services and protects personal information by statute, including a dedicated security-and-privacy chapter.
Who it applies to. State agencies and their IT vendors; the personal-information chapter also reaches businesses handling Nevada residents' data. The state participates in StateRAMP, which serves as its baseline for vetting cloud-service security.
What it requires. State law covers information services, state purchasing, computers, and — importantly — the security and privacy of personal information, with public-records rules alongside.
Why it matters. Vendors handling Nevada residents' personal data must meet the state's security-and-privacy requirements, and IT vendors follow its information-services and purchasing rules.
Citation. Nev. Rev. Stat. chs. 242 (Information Services), 333 (Purchasing: State), 603A (Security and Privacy of Personal Information), and 239 (Public Records).
Regulations & policies (background)
In plain terms. Nevada applies a state information-security program policy and procurement rules to vendors.
Who it applies to. State agencies and their IT vendors.
What it requires. The state information-security program policy sets security requirements, and administrative rules govern the contract procedure between the information-services division and vendors.
Why it matters. Expect Nevada's information-security program policy and division contracting procedures to govern your engagement.
Citation. Nev. Admin. Code ch. 239 and § 242.160 (Contract Between Division and Vendor); Nevada OIS 100 (State Information Security Program Policy).