AMP.legal - Data Breach Laws

Browse data breach notification laws in the United States by states or territories. This database currently includes breach statutes for a business that collects personal information. This database is for informational purposes only and may not be up-to-date. Please review our Terms of Service. Report any errors or issues to: webmaster@amp.legal.

Last Updated	Nebraska breach law summary was last updated on 02/26/2023
Statute	Neb. Rev. Stat. § 87-801 et seq. [View Source] [Download PDF]
Covered Entities	"Commercial entity" includes a corporation, business trust, estate, trust, partnership, limited partnership, limited liability partnership, limited liability company, association, organization, joint venture, government, governmental subdivision, agency, or instrumentality, or any other legal entity, whether for profit or not for profit.
Covered Information	"Personal Information" includes First Name (or First Initial) and Last Name PLUS one of the following: Social security number Motor vehicle operator's license number or state identification card number Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to a resident's financial account Unique electronic identification number or routing code, in combination with any required security code, access code, or password Unique biometric data, such as a fingerprint, voice print, or retina or iris image, or other unique physical representation OR A user name or email address, in combination with a password or security question and answer, that would permit access to an online account
Form of Information	Electronic
Breach Trigger	Unauthorized acquisition of unencrypted computerized data that compromises the security, confidentiality, or integrity of personal information maintained by an individual or a commercial entity.
Encryption Safe Harbor	Yes. A Nebraska resident's first name or first initial and last name in combination with any one or more of the following data elements that relate to the resident if either the name or the data elements are not encrypted, redacted, or otherwise altered by any method or technology in such a manner that the name or data elements are unreadable.
Risk of Harm Analysis	Yes. If the investigation determines that the use of information about a Nebraska resident for an unauthorized purpose has occurred or is reasonably likely to occur, the individual or commercial entity shall give notice to the affected Nebraska resident.
Consumer Notice	An individual or a commercial entity that conducts business in Nebraska and that owns or licenses computerized data that includes personal information about a resident of Nebraska shall, when it becomes aware of a breach of the security of the system, conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be used for an unauthorized purpose.
Government Agency Notice	Yes. If notice of a breach of security of the system is required by subsection (1) of this section, the individual or commercial entity shall also, not later than the time when notice is provided to the Nebraska resident, provide notice of the breach of security of the system to the Attorney General.
Credit Agency Notice	None.
Penalties	Yes. For purposes of the Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006, the Attorney General may issue subpoenas and seek and recover direct economic damages for each affected Nebraska resident injured by a violation of the act.
Private Cause of Action	No.