Legislative Bill: 876
Nebraska Revised Statute: §§ 87-801 to 807
Effective Date: July 14, 2006
Definition of Personal Information: A Nebraska resident’s first name or first initial and last name in combination with any one or more of the following data elements that relate to the resident if either the name or data elements are not encrypted, redacted, or otherwise altered by any method or technology in such a manner that the name or data elements are unreadable:
(a) Social security number;
(b) Motor vehicle operator’s license number or state identification card number;
(c) Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to a resident’s financial account;
(d) Unique electronic identification number or routing code, in combination with any required security code, access code, or password; or
(e) Unique biometric data, such as a fingerprint, voice print, or retina or iris image, or other unique physical representation.
Summary: An individual or a commercial entity that conducts business in Nebraska and that owns or licenses computerized data that includes personal information about a resident of Nebraska shall, when it becomes aware of a breach of the security of the system, conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be used for an unauthorized purpose. If the investigation determines that the use of information about a Nebraska resident for an unauthorized purpose has occurred or is reasonably likely to occur, the individual or commercial entity shall give notice to the affected Nebraska resident. Notice shall be made as soon as possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and consistent with any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the computerized data system.
Visit the state Web site