Requirement to Comply with PCI Standards
Minnesota and Nevada have laws requiring compliance with parts of Payment Card Industry (PCI) Data Security Standards (DSS).
Nevada
- In 2010, Nevada was the first state to make the entire PCI DSS a state law requirement
- Businesses will not be liable for damages for a data breach if:
  - they are following the law and did not engage in other intentional misconduct
- Other states have not made PCI DSS a law because:
  - businesses that process credit cards already have to comply under contracts with card networks
  - laws don’t protect these businesses from fines from card networks
Washington
- Washington state provides businesses with a safe harbor from data breach liability if they can certify they were PCI DSS compliant at the time of the data breach
  - but the law does not require businesses to follow PCI DSS