RENO, Nev. (KOLO) – The State of Nevada is adopting new policies in the wake of a late summer cyberattack that afflicted much of the state’s infrastructure.
The Statewide Policy for Data Classification went into effect starting this month. The framework establishes how information across the Executive Branch is identified, classified and safeguarded based on risk and regulatory requirements.
The policy will be applied to all executive agencies.
The state says the policy introduces a consistent, enterprise wide approach to reducing risk and improving data sharing rather than relying on agency specific practices or informal methods.
“This policy creates a common language for protecting information across state government,” said a spokesperson for the Governor’s Technology Office. “It ensures sensitive data is handled appropriately while still allowing agencies to share information and deliver services effectively.”
The core of the policy revolves around a four-tier data approach to data protection:
- Public — Information approved for unrestricted disclosure, such as public meeting agendas or published job postings.
- Sensitive — Internal, non-confidential information intended for operational use, including draft documents and internal communications.
- Confidential — Legally protected data where unauthorized disclosure could cause substantial harm, such as Social Security numbers, medical records, or financial information.
- Restricted — The highest protection level, covering information subject to federal security requirements or critical state operations, including criminal history records, cybersecurity defense plans, and encryption keys.
The policy requires that when classification is unclear, information must be treated at the higher protection level until a final determination is made.
The policy defines information assets broadly and applies to any data in any format, including paper records, emails, system configurations, images and intellectual property.
It will also clarify roles and responsibilities. Agency Data Stewards are designated as the primary decision makers for classification within their organization, while data owners will retain authority and accountability for documenting classification decisions.
The state says the framework serves as the foundation for forthcoming technical safeguards, including multi-factor authentication, enhanced logging and encryption standards aligned with federal requirements.
Copyright 2026 KOLO. All rights reserved.
