small-logo
ProfessionalsCapabilitiesInsights & NewsCareersLocations
About UsAlumniOpportunity & InclusionPro BonoCorporate Social Responsibility
Stay Connected:
facebookinstagramlinkedintwitteryoutube
  1. Privacy & Data Security

Blog

Nebraska Breach Law Amendment Effective July 20, 2016

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page
  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

Blog

Nebraska Breach Law Amendment Effective July 20, 2016

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

1 Min Read

Author

Eric Shinabarger

Related Locations

Chicago

Related Topics

Data Breach

Related Capabilities

Privacy & Data Security

Related Regions

North America

May 4, 2016

Joining Rhode Island and Tennessee, Nebraska’s breach notice law has been amended, with changes going into effect this summer. Key modifications include an obligation to notify the state Attorney General (with no threshold of the number of impacted individuals). Nebraska joins California, Connecticut, Florida, Hawaii, Indiana, Iowa, Louisiana, Maine, Maryland, Massachusetts, Missouri, New Hampshire, New Jersey, New York, North Carolina, Oregon, South Carolina, Oregon, Vermont, Virginia, Washington, and Puerto Rico in requiring notice to a state authority in the event of a breach. Notice to the Attorney General must be made “no later than” notice to impacted individuals.

Also modified is the addition to the definition of personal information (that if breached, requires notice) of username or email address “in combination with a password or security question and answer that would permit access to an online account.” This mirrors similar changes to the laws of California, Nevada, Florida, and Wyoming.

The amendments also clarify when data is encrypted. (In Nebraska, notice is not required if data is encrypted.) As revised, data is not to be considered encrypted if the “confidential process or key” was acquired as a result of the breach or is reasonably believed to have been acquired as a result of the breach.

TIP: If your organization suffers a national breach, keep in mind that starting July 20, notice will need to be made to the Nebraska Attorney General if there are impacted individuals in that state. Additionally, Nebraska joins a handful of states treating username/email and password as triggering information. 

Related Professionals

Related Professionals

Eric Shinabarger

Eric Shinabarger

This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.

Logo
facebookinstagramlinkedintwitteryoutube

Copyright © 2025. Winston & Strawn LLP

AlumniCorporate Transparency Act Task ForceDEI Compliance Task ForceEqual Rights AmendmentLaw GlossaryThe Oval UpdateWinston MinutePrivacy PolicyCookie PolicyFraud & Scam AlertsNoticesSubscribeAttorney Advertising