How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask Andrea, Esq. Your Own Question
Andrea, Esq.
Andrea, Esq., Attorney
Category: Legal
Satisfied Customers: 12554
Experience:  25 yrs. experience in family law, estates, real estate, business law, criminal defense, immigration, and employment law.
Type Your Legal Question Here...
Andrea, Esq. is online now
A new question is answered every 9 seconds

Id like to get an opinion on Nevada email encryption law,

This answer was rated:

I'd like to get an opinion on Nevada email encryption law,

NRS 603A.030 "Data collector" defined. "Data collector" means any governmental agency, institution of higher education, corporation, financial institution or retail operator or any other type of business entity or association that, for any purpose, whether by automated collection or otherwise, handles, collects, disseminates or otherwise deals with nonpublic personal information.

Can Nevada online Websites request for you to upload and send them your personal information by email requests, when it's not a direct encrypted connection to the their Website? The ISP, or email provider is in fact the one handling, collecting and disseminates the said personal information via their system/ database to the site. Actually email can travel through several ISP's before reaching the intended party and this is all done with NO encryption therefore breaching the data law as I understand it.

In one discussion with a site they felt that the law only applies if they send the personal information to a third party, then it must be encrypted during transmission. I explained that what sense would it make for them to need to encrypt emails being sent to third party partners but that I should send personal information to them through an email provider and it didn't need to be encrypted?

So in short should Nevada online Websites be requesting personal information to be sent to them by email and unencrypted?

Hello and Welcome to JustAnswer, My name is XXXXX XXXXX my goal is to provide you with Excellent Service



I would like to help, but need a bit more information, if you do not mind,



1. In what context are you citing Nevada Revised Statutes 603A.030 regarding Data Collection ?

2. Are you asking whether or not websites should not be allowed to ask for personal information ?


Please clarify so that I can give you an accurate Answer,



Thank you,




Customer: replied 4 years ago.
1. Referring to the following:NRS 603A.030  (Data Collector defined)NRS 603A.040 (Personal Information defined)NRS 603A.215 (Security) - 2(a) 2.  A data collector doing business in this State to whom subsection 1 does not apply shall not:(a) Transfer any personal information through an electronic, nonvoice transmission other than a facsimile to a person outside of the secure system of the data collector unless the data collector uses encryption to ensure the security of electronic transmission; The above are the statutes I'm referring too. Data collector defined, personal information defined and 2(a) security procedures of the data collector.It's of my opinion but I'd like clarification, when a Website requests personal information from a person via email within Nevada that this information must be transmitted by some form of encryption online. Example: The Website says we need a copy of your Drivers License for verification etc.. If a website asks me to send a copy of my Drivers License in an non-encrypted way it appears to me that's not a legal request within the statute. When I'm requested to send it by non encrypted email then the data collector which is actually the email provider, or ISP is allowing the Website to collect personal information in an unsecure way and therefore not abiding by Nevada's encryption law and the site in my opinion should not be asking for this unless it's an encrypted function, or fax.Just to clarify, I see a data collector also being defined as the email provider/ISP and not the Website during transmission. So in fact they shouldn't allow the process to take place but they don't know and therefore the Websites within Nevada should not be making these type requests.Again IMO - Nevada Websites, per the statutes should either allow the customer to send their personal information to them by encrypted email, have an encrypted upload within their site, or allow other encrypted systems to get this information to them. But do not ask for these type requests through unsecure ways, as outlined in the Nevada law.2. I understand that Websites ask for personal information this isn't my question.Please let me know if you have additional questions.thanks...

Hi, Mark, Please accept my apology for the delay, The site is having technical difficulties and it becomes difficult to get into a question, return to a question, and at times, loses the Answer when we press the "Answer" button.


Thank you for your additional information. Reading Nevada Revised Statutes Section 603A.020, Section 603A.215, and the definition of personal information contained in Section 603A.040, together, the meaning appears to be a very technical one. The Statute prohibits anybody within the definition of "data collector" from transferring or sending anybody's personal information by means of any electronic, nonvoice equipment, except by fax (facsimile). The Statutes, however, do not prohibit any "data collector" from requesting this information. In other words, a website, being a "data collector" by the Statute's definition, can request an individual to send them personal information using the internet, but they will be prohibited from sending or transferring this personal information, without first encrypting it, to anybody else electronically, or by nonvoice transmittal, except by using a fax machine.


If a website requests personal information from an individual, they are not in violation of the Statute; it is only if they send or transfer this personal information by electronic means, other than by fax, without first encrypting it, to any other individual, company, website, or any other entity, that they would be in violation.


I have not read the legislative history of these sections, so I cannot say if the Nevada State Legislature, when enacting this particular piece of legislation, intended this fine distinction between "requesting" and "sending" personal information, but as enacted, there is a definite distinction between the two,






Please be kind enough to rate "Excellent Service" so that I receive credit

for assisting you,



Bonus and Positive Feedback on survey is very much appreciated,




Thank you for allowing me the opportunity to be of assistance,











Customer: replied 4 years ago.
I totally agree but within your own words...

The Statute prohibits anybody within the definition of "data collector" from transferring or sending anybody's personal information by means of any electronic, nonvoice equipment, except by fax (facsimile).

I understand this is a thin line but let's look at common sense within the reg..

If a Website can't transfer my personal information to a third party unless it's encrypted then how can they request it unencrypted?

Again: The data collector is the email provider /ISP and not the Website although the information ends up with them.

This appears debatable within the courts, if it should!

Hi, Mark,


Thank you for agreeing with my interpretation.


I am not being joking when I ask you, "Do you know how many laws are passed to which you cannot interpret using common sense ?


I understand completely what you are saying; common sense tells you that since the email provider/ISP will not use that information, that by necessity, it serves only as a conduit for transferring that information to the entity who will use this information, "therefore, the law also applies to data collectors who request personal information so that they will have to comply with the Statute".


You would think that this is the way it should be interpreted because it is the only way that all personal information will be encrypted. However, we cannot interpret the law that way because that is not what it says and it is not how it is written. This is meant by the phrase, "to the letter of the law". When we were I elementary school, we learned in our history class that Congress enacts the laws, our Courts interpret the law, and the President carries out the law.


Therefore, a test case would have to be brought and have the Courts of Nevada and ultimately, the Supreme Court of Nevada and possibly, the United States Supreme Court, interpret this particular section of the Nevada Revised Statutes. Then the Nevada Legislature will amend those sections so that they actually protect personal information by encryption which was the original intent of the Nevada Legislature, but fell slightly short of their intended result,



Please be kind enough to rate "Excellent Service" so that I receive credit

for assisting you,



Bonus and Positive Feedback on survey is very much appreciated,




Thank you for allowing me the opportunity to be of assistance,






Andrea, Esq. and 5 other Legal Specialists are ready to help you

Related Legal Questions