IMGCAP(1)]
Nevada Gov. Jim Gibbons in late May signed into law legislation requiring the state's merchants to comply with the Payment Card Industry Data Security Standard. Effective Jan. 1, Nevada businesses that accept payment cards for goods or services must comply with the current version of the PCI standard no later than the compliance dates mandated by the card brands. The law also states that a business will not be liable for data breach-related damages if it is in compliance with the law and did not cause the breach by gross negligence or misconduct. The safe harbor for merchants that comply "provides a carrot for compliance rather than just the stick" should a breach occur, says Nick Holland, an analyst with Aite Group LLC, a Boston-based consulting firm. Nevada's law may "get the ball rolling for a lot of other states" to pass similar laws, he says, adding the law is good in his view because it increases data-security awareness. A representative for the Wakefield, Mass.-based Payment Card Industry was not available for comment by CardLine deadline.
