Gaming Operators Latest To See Specific Privacy & Cybersecurity Laws – Data Protection

Listen to this post

Two states recently passed legislation with specific data security requirements for businesses that are gaming operators or licensees. These new regulations in Nevada and Massachusetts add to the already complex federal and state privacy laws. In the United States, companies may be subject to certain data protection laws as a result Type of information they collect or because of the industry in which they operate (financial, healthcare, insurance, telecom, etc.). The gambling industry is the latest to be added to the mix.

In this latest addition to this complex patchwork quilt, the Nevada Gambling Commission issued regulations for certain operators in late 2022, effective January 1, 2023. The regulations apply to specific “covered entities” and place requirements on the following: (1) risk assessments, (2) incident response, and (3) personnel. Massachusetts law, which addresses both “operators” and “licensees,” imposes both general and specific obligations. The law establishes specific requirements for privacy policies, rights of the individual, automated decision-making, and data security, among other things. While the Massachusetts Rules were published with efficacy data as of December 2022, comments are solicited through February 2023.

put into practice. Gambling operators should ensure they understand these laws and their requirements, including data security and privacy disclosure. If you are a Provider working with Covered Entities, you should review these requirements as well. Those outside the industry should take note, as these two new laws signal the ever-evolving web of privacy and data security laws, including industry-specific requirements.

The content of this article is intended to provide a general guide to the topic. In relation to your specific circumstances, you should seek advice from a specialist.