Law: Nebraska Data Privacy Act (NDPA)

Regulator: The Nebraska Attorney General (AG)

Summary: The NDPA was approved by the Governor of Nebraska on April 18, 2024, and will enter into effect on January 1, 2025. The NDPA marks the State's first comprehensive privacy legislation and includes consumer rights, including the right to opt out of the processing of personal data for the purposes of targeted advertising, sale of personal data, or profiling. The NDPA further lays down controller and processor obligations, including the requirement for a controller to conduct data protection assessment in certain circumstances. The AG is granted the exclusive authority to enforce the provisions of the NDPA and does not provide for a private right of action.

Additionally, data security and breach notification requirements are governed under §§87-801 et seq. of Chapter 87 of the Nebraska Revised Statutes. Moreover, Nebraska's Financial Data Protection and Consumer Notification of Data Security Breach Act regulates the notification of breaches of consumer data, with the AG responsible for enforcing these provisions and competent to issue subpoenas and recover direct economic damages for each resident injured by the violation of these provisions.