Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Third Party: Specific Obligations
  • Third Party: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws
award of direct economic damages

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Third Party Management
  • Data Protection
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • There are specific considerations when determining if a breach is reportable.
  • Notifications may only be given by specific methods.
  • The state attorney general may issue subpoenas and seek and recover direct economic damages for each affected Nebraska resident injured by a violation.
  • Any individual or commercial entity that conducts business in Nebraska and maintains personal information about Nebraska residents must
    • Implement and maintain reasonable security procedures and practices that are appropriate to the nature and sensitivity of the personal information.
    • Require by contract that the service provider implement and maintain reasonable security procedures and practices appropriate to the nature of the personal information.
  • If a vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification, but the vendor is still required to cooperate.
  • If your breach affects residents in other states, you will need to notify those resident using that state’s rules.
Statutes and Laws
  • NE Code §§ 87-801 to 87-807 Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006

    NE Code § 87-808 Security procedures and practices; disclosure of computerized data; contract provisions; compliance

BAck to map