Nebraska notification of data security breach act

Nebraska LB 876, which was signed into law on April 13, 2006, requires that an individual or a commercial entity that conducts business in Nebraska and that owns or licenses computerized data that includes personal information about a resident of Nebraska shall, when it becomes aware of a breach of the security of the system, conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be used for an unauthorized purpose. If the investigation determines that the use of information about a Nebraska resident for an unauthorized purpose has occurred or is reasonably likely to occur, the individual or commercial entity shall give notice to the affected Nebraska resident.

Notice shall be made as soon as possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and consistent with any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the computerized data system. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. The rules for this policy are:

• Nebraska Notification of Data Security Breach Act: Account and Password
• Nebraska Notification of Data Security Breach Act: Name and CCN
• Nebraska Notification of Data Security Breach Act: Name and Password (Wide)
• Nebraska Notification of Data Security Breach Act: Name and Password (Default)
• Nebraska Notification of Data Security Breach Act: Name and Password (Narrow)
• Nebraska Notification of Data Security Breach Act: Name and SSN
• Nebraska Notification of Data Security Breach Act: Password Dissemination for HTTP Traffic (Wide)
• Nebraska Notification of Data Security Breach Act: Password Dissemination for HTTP Traffic (Default)
• Nebraska Notification of Data Security Breach Act: Password Dissemination for HTTP Traffic (Narrow)