Exterro's Legal GRC Breakdown

Get your daily dose of news, best practices, and technology from Exterro's e-discovery, privacy, and digital forensics experts here.


Nebraska Proposed Privacy Law

Created on July 13, 2020

Demand Generation Manager, Exterro

Why This Privacy Law is Important: Nebraska Consumer Data Privacy Act strikingly similar to the CCPA with very few differences. The proposed bill is set up to enhance the protection of Nebraska resident’s private online data.

Overview/Status of Bill: The Nebraska Consumer Data Privacy Act would give Nebraska residents additional rights and control over how their personal data is being collected and used. Under the Nebraska Consumer Data Privacy Act residents would have the right to know, the right to access, the right to opt-out, and the right to deletion of their personal information. The bill also requires businesses to provide two or more designated methods for submitting requests for information. At a minimum, a toll-free telephone number and, if applicable, a website address must be made available.

Need to Know Information:

Who it Applies To: Any for-profit organization that does business in the state of Nebraska and collects consumers’ personal information and that meets one or more of the following:

  1. Has annual gross revenue in excess of $10 million;
  2. Buys or receives the personal information of 50,000 or more consumers, households or devices; or
  3. Derives 50 percent or more of its annual revenue from selling Nebraskans’ personal information.

What is Covered: “Personal information” which is defined as “any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Some of the categories included are commercial information, geolocation data, and biometric information.

How to Comply: Businesses would be required to update their online privacy policies to provide notifications to consumers that they have the right to request the deletion of their personal information and that their personal data could be sold unless they affirmatively opt-out providing a link in which to do so. In addition, to the notifications they must also provide two or more designated methods for consumers to submit requests for information, to include at a minimum a toll-free telephone number and a website (if applicable); and place a visible link on their homepage, to the “Do Not Sell My Personal Information,” webpage.

Potential Penalties: Unlike CCPA The Nebraska Data Privacy Act does not include the private right of action. Enforcement will be handled by the Nebraska attorney general and any business found in violation would be liable to pay up to $7,500 for each violation.