Nebraska Amends Data Breach Statute | Practical Law

Nebraska Amends Data Breach Statute | Practical Law

Nebraska has amended its data breach notification statute to include a person's username or email in combination with a password or security question and answer in the definition of personal information.

Nebraska Amends Data Breach Statute

Practical Law Legal Update w-001-9188 (Approx. 3 pages)

Nebraska Amends Data Breach Statute

by Practical Law Intellectual Property & Technology
Published on 20 Apr 2016USA (National/Federal)
Nebraska has amended its data breach notification statute to include a person's username or email in combination with a password or security question and answer in the definition of personal information.
On April 13, 2016, the governor of Nebraska, Pete Ricketts, signed LB835 into law. The bill, which will be effective July 20, 2016, amends the Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 (Neb. Rev. Stat. §§ 87-802 to 87-806). In particular, the amendments:
  • Expand the definition of "personal information" to include a user name or email address, in combination with a password or security question and answer, that would permit access to an online account.
  • Clarify that data will not be considered encrypted if the confidential process or key was, or is reasonably believed to have been, acquired as a result of a breach of the security system.
  • Add a requirement to notify the Nebraska Attorney General of a breach of the security system no later than when the covered entity also notifies the affected individuals.