On Oct. 1, a new Nevada law went into effect that requires organizations operating in the state to encrypt personal information sent outside of the organization. A similar, but more restrictive, law will go into effect on Jan. 1, 2009 in Massachusetts. What this means is that if you operate a business in either state, you will have to encrypt certain types of sensitive information if you send it past your corporate firewall or else face legal consequences.