<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=5678177&amp;fmt=gif">

    Nebraska Passes Data Privacy Act

    by Alex Margau
    2 min read
    nebraska-data-privacy-act-clym

    On April 11, 2024, Nebraska legislature passed with unanimous approval LB 1074, also known as the Nebraska Data Privacy Act. 

    The text of the Act largely resembles that of Texas, with some differences, and if signed into law by the state’s Governor, Jim Pillen, it will make Nebraska US state number sixteen or seventeen, depending on whether Maryland’s  newly minted law is signed into law first. It establishes thresholds for applicability, gives consumers the right to opt-out via universal opt-out mechanisms (UOOMs), and allows for a 30 day cure period for violations.  

     

    Short summary of Nebraska’s Data Privacy Act

    • Effective Date: January 1, 2025, and others three calendar months after the adjournment of the legislative session.
    • Applicability: applies to persons that (a) conduct business in this state or produce a product or service consumed by residents of this state; (b) process or engage in the sale of personal data; and (c) is not a small business as determined under the federal Small Business Act.
    • Controller Obligations: Controllers are limited to collecting personal data that is adequate, relevant, and necessary relative to the disclosed purposes for which the data is processed. They must also establish reasonable data security practices appropriate to the volume and nature of the personal data processed.
    • Consumer Rights: Consumers have rights to confirm if their data is being processed, access their data, correct inaccuracies, delete their data, obtain a portable copy of their data, and opt out of data processing for specific uses like targeted advertising or sale of personal data.
    • Enforcement Authority: The Attorney General has enforcement authority, including the ability to issue civil investigative demands and take various actions such as seeking injunctive relief and penalties for violations of the act.
    • Penalties: Violations of the Data Privacy Act after a cure period or breaching a written statement to the Attorney General may result in civil penalties up to $7,500 for each violation. The Attorney General can also seek to recover attorney's fees and other expenses related to enforcement actions.