A Nevada Law that took effect in October will require all businesses to encrypt personally-identifiable customer data, including names, and credit-card numbers, that are transmitted electronically.  Companies in Nevada that suffer a security breach, but comply with the new law would cap their damages at $1,000 per customer for each occurrence; however, those that do not comply would be subject to unlimited civil penalties.

http://online.wsj.com/article/SB122411532152538495.html