<P> Compliance with PCI DSS is not required by federal law in the United States. However, the laws of some U.S. states either refer to PCI DSS directly or make equivalent provisions. </P> <P> In 2007, Minnesota enacted a law prohibiting the retention of payment card data. </P> <P> In 2009, Nevada incorporated the standard into state law, requiring merchants doing business in that state to comply with the current PCI DSS and shielding compliant entities from liability. </P> <P> In 2010, Washington also incorporated the standard into state law. Unlike Nevada's law, Washington's does not require entities to be compliant with PCI DSS, but compliant entities are shielded from liability in the event of a data breach. </P>
