ACCORDING to Associated Press, Nevada’s IT agency has rolled out a new statewide data classification policy months after a cyberattack that disrupted state services. The policy, announced by the Governor’s Technology Office, introduces four data categories: “public,” “sensitive,” “confidential” or “restricted,” with agencies responsible for choosing the appropriate level.
Data that is unclear to classify should be placed in the more restrictive category, and under Nevada’s public records law, information is by default a public record unless confidentiality provisions apply. The policy emphasises that the classification framework will extend beyond simply labelling information as sensitive or personal, supporting more uniform handling across agencies and strengthening digital resilience.
It also highlights considerations such as the mosaic effect, where seemingly harmless data can become sensitive when combined with other data, and notes that misuse could trigger remediation or escalation. The article notes that cybersecurity has been a legislative priority, with AB1 creating a Security Operations Center to support state agencies and elected officials.