A new law that took effect in Nevada this month aims to help protect data gathered by businesses about their customers, the Wall Street Journal reports.
The legislation states that companies are required to encrypt any personal information, including names and credit card details, that is transmitted electronically.
Firms may help protect themselves and their customers by purchasing email encryption software. Those that flout the law would be liable for unlimited civil penalties.
Other states, including Michigan and Washington, are mulling similar laws. Meanwhile, from January, Massachusetts businesses will be obligated to encrypt sensitive data about residents that is stored on portable devices, such as laptops.
Privacy lawyers in Massachusetts told the news provider that the legislation potentially paves the way for people to file civil lawsuits against firms in the case of a data breach.
In Nevada, it has already been established that firms complying with the law that suffer a data breach would have caps placed on the amount of damages they are forced to pay in a suit.
Some large-scale data breaches have made the headlines over the past couple of years, including an incident in which the credit and debit card details of 45.6 million customers of retailer TJX were put at risk.