Nebraska Amends Data Breach Notification Law
Last week, Nebraska Governor Pete Ricketts signed into law LB 835, which makes the following amendments to the state’s data breach notification statute:
- Adds to the definition of “personal information” a user name or email address, in combination with a password or security question and answer, that would permit access to an online account.
- Requires notice to the Nebraska Attorney General no later than notice is provided to Nebraska residents.
- Clarifies that data is not considered encrypted, defined as “converted by use of an algorithmic process . . . into a form in which the data is rendered unreadable or unusable without use of a confidential process or key,” if the confidential process or key was or is reasonably believed to have been acquired as a result of the breach.