This Month Only! >> $20 off and a FREE SHRM tote with your membership and code TOTE2018!
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
On April 13, 2016, Nebraska’s breach notification statute was amended when Governor Pete Ricketts signed L.B. 835 into law. The amendment included a variety of changes, including a regulator notification requirement and broadens the definition of “personal information” in the state data breach notification statute, Neb. Rev. Stat. §87-802 – 87-804. These amendments become effective on July 20, 2016.
Specifically, the bill makes the following changes:
Attorney general notification. The amendment requires notice to the state’s attorney general concurrent with notice provided to affected individuals. These notices must be provided as soon as possible and without unreasonable delay consistent with law enforcement needs and the time necessary to determine the scope of the breach. This change follows a number of other states, such as California, Connecticut, Florida, Indiana, Maryland, Massachusetts, New Hampshire, New York and North Carolina, which also require notification to the respective state’s attorney general or other agency. Because the timing, form, content and manner of delivery of these notices vary state to state, organizations should take agency notifications into account when engaging in breach preparedness planning.
Personal information definition expanded. The definition of “personal information” was amended to add a user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account, which, if acquired by an unauthorized person, would require notice. Recognizing the breadth of information consumers store online, Nebraska will become the fifth state, joining California, Florida, Nevada and Wyoming to require notification in the event of a breach of account credentials.
Encryption exception clarified. As amended, the state’s breach notification law provides that data will not be considered encrypted for purposes of avoiding notification if the breach of security includes acquisition of the encryption key or confidential encrypted method.
The notice obligations that are triggered when organizations have a breach of the security of their systems involving personal information continue to evolve. Preparedness is key so take some time to develop a response plan, and practice it.
Christopher E. Hoyme is an attorney in the Omaha, Neb., office of Jackson Lewis. © Jackson Lewis. All Rights Reserved. Reposted with permission.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
CA Resources at Your Fingertips
SHRM’s HR Vendor Directory contains over 10,000 companies