Currently, there is no comprehensive Nebraska data privacy law in place; nor is there a Nebraska Consumer data privacy act introduced in the state legislature this year.
Uniform Personal Data Protection Act
In January 2022, Senator Flood of Nebraska introduced LB 1188. Also known as the Uniform Personal Data Protection Act, LB 1188 sought to give Nebraskans comprehensive data protection for their personal information. The act defined personal data broadly, just like other states that have successfully implemented comprehensive data protection laws. Beyond its broad definition of personal data, however, the similarities with other data protection laws end.
LB 1188 was modeled after the model Uniform Data Protection Act proposed by the Uniform Law Commission, and it differs significantly from existing data protection regulations. The legislation focused on the types of business practices that are covered and gives consumers who are protected by the act power over particular corporate practices.
The Uniform Personal Data Protection Act (UPDPA) received final approval from the Uniform Law Commission (ULC) in July 2021. This model law, which the ULC argues has “elements that make the UPDPA more practical, more flexible, and less expensive than other models of state privacy legislation,” was created using an innovative approach by the ULC.
The Nebraska privacy law was indefinitely postponed, and no new bill has been introduced.
Data Protected by the Nevada Uniform Personal Data Protection Act
The act protects personal data, which is generally defined to include records that are direct identifiers or indirectly identify or characterize a person, or that are pseudonymized.
Thresholds For Eligibility
Businesses that conduct business in Nebraska or specifically target Nebraska residents with their goods or services and meet one of the following criteria are considered controllers (those responsible for deciding how personal data will be processed) or processors (those actually responsible for processing personal data).
- maintain personal information about more than 50,000 Nebraska residents during a calendar year, excluding information collected or kept only to complete a payment transaction
- generate more than 50% of its gross annual revenue from maintaining personal information as a controller or processor during a calendar year
- act as a processor on behalf of a controller where the processor knows or has reason to believe the controller meets a threshold.
- maintains personal data, unless the processing of personal data is solely for a compatible data practice.
Notably, the act does not apply to Nebraskan governmental institutions, agencies, or political subdivisions. Additionally, the act does not apply to information that is publicly accessible, used in connection with specific research projects, used in certain legal proceedings, or processed or kept as part of a data subject’s employment or application for employment.
The Nebraska data privacy proposal deferred significantly from other state privacy laws, and one significant effect of this law would have been that businesses need new compliance framework models to comply with this revolutionary concept in state privacy laws.
State Privacy Compliance with Centraleyes
Stay with Centraleyes as we continue to monitor the progress of state privacy law in Nebraska and across the US.