Comments on: Why is Minnesota the Only State with a PCI DSS law? http://blog.subjunctive.com/2008/06/08/minn_dss/ Notes on Security, Privacy, and the Law Tue, 04 Jan 2011 03:25:09 +0000 hourly 1 http://wordpress.com/ By: Tom Considine, CIPP http://blog.subjunctive.com/2008/06/08/minn_dss/#comment-295 Tue, 04 Jan 2011 03:25:09 +0000 http://lawnerd.wordpress.com/?p=7#comment-295 Jim,
Interesting writeup. Since you posted this blog sometime ago, Nevada passed legislation requiring compliance with all provisions of PCI DSS. NRS603A-Security of Personal Information states;
“If a data collector doing business in this State accepts a payment card in connection with a sale of goods or services, the data collector shall comply with the current version of the Payment Card Industry (PCI) Data Security Standard, as adopted by the PCI Security Standards Council or its successor organization, with respect to those transactions, not later than the date for compliance set forth in the Payment Card Industry (PCI) Data Security Standard or by the PCI Security Standards Council or its successor organization.”

Needless to say I have my hands full here in Nevada.

Regards,

Tom

]]> By: Joe Campana http://blog.subjunctive.com/2008/06/08/minn_dss/#comment-6 Fri, 04 Jul 2008 04:06:56 +0000 http://lawnerd.wordpress.com/?p=7#comment-6 I was pleased to see that the Wisconsin Bill did not go through this session. I had significant concerns because the bill allowed merchants to save full magnetic strip data, access number, and PIN for up to 48 hours. Under PCI-DSS saving magnetic strip data and the PIN Block is prohibited.

]]>