Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Vendor Specific Obligations
  • Vendor Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach notification laws:
- award of direct economic damages

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Vendor Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • There are specific considerations when determining if a breach is reportable.
  • Notifications may only be given by specific methods.
  • The state attorney general may issue subpoenas and seek and recover direct economic damages for each affected Nebraska resident injured by a violation.
  • Any individual or commercial entity that conducts business in Nebraska and maintains personal information about Nebraska residents must
    • Implement and maintain reasonable security procedures and practices that are appropriate to the nature and sensitivity of the personal information.
    • Require by contract that the service provider implement and maintain reasonable security procedures and practices appropriate to the nature of the personal information.
  • If a vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification, but the vendor is still required to cooperate.
  • If your breach affects residents in other states, you will need to notify those resident using that state’s rules.
Statutes and Laws
  • NE Code §§ 87-801 to 87-808 Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006

BAck to map