McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Business HomeProducts & SolutionsData ProtectionUS & Global Data Protection LawsSecurity Breach Notification Laws

Nebraska

Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006
CITATION Nebraska Revised Statutes, §§ 87-801, 87-802, 87-803, 87-804, 87-805, 87-806, 87-807
SUMMARY

The law requires that if an individual or a commercial entity that conducts business in Nebraska and that owns or licenses computerized data that includes personal information about a resident of Nebraska becomes aware of a breach of the security of their computer system, the business or entity should conduct a prompt investigation to determine if personal information has been compromised and assess the risk of misuse. The law also requires the individual or the commercial entity provide notice as soon as possible to the affected Nebraska resident unless the investigation determines that the misuse of information about a Nebraska resident has not occurred and is not reasonably likely to occur.

The laws require notice to be made in good faith, in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and with any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the computerized data system.
DATA COVERED

The law covers unencrypted computerized data that compromises the security, confidentiality, or integrity of personal information maintained by an individual or a commercial entity. Personal Information is defined as a Nebraska resident's first name or first initial and last name in combination with any one or more of the following data elements that relate to the resident if either the name or the data elements are not encrypted, redacted, or otherwise altered by any method or technology in such a manner that the name or data elements are unreadable:

  1. Social Security number;
  2. Motor vehicle operator's license number or state identification card number;
  3. Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to a resident's financial account;
  4. Unique electronic identification number or routing code, in combination with any required security code, access code, or password; or
  5. Unique biometric data, such as a fingerprint, voice print, or retina or iris image, or other unique physical representation.
INDUSTRY An individual or commercial entity that conducts business in Nebraska and that includes personal information about a resident of Nebraska.
PENALTIES The Attorney General may issue subpoenas and seek recovery of direct economic damages for each affected Nebraska resident injured by a violation of the act.
United States - English