Nebraska § 87-808 Security procedures and practices; disclosure of computerized data; contract provisions; compliance

Nebraska Statutes

§ 87-808 — Security procedures and practices; disclosure of computerized data; contract provisions; compliance

Nebraska § 87-808

Ch. 87Trade Practices

This text of Nebraska § 87-808 (Security procedures and practices; disclosure of computerized data; contract provisions; compliance) is published on Counsel Stack Legal Research, covering Nebraska primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

Neb. Rev. Stat. § 87-808 (2026).

Text

(1)To protect personal information from unauthorized access, acquisition, destruction, use, modification, or disclosure, an individual or a commercial entity that conducts business in Nebraska and owns, licenses, or maintains computerized data that includes personal information about a resident of Nebraska shall implement and maintain reasonable security procedures and practices that are appropriate to the nature and sensitivity of the personal information owned, licensed, or maintained and the nature and size of, and the resources available to, the business and its operations, including safeguards that protect the personal information when the individual or commercial entity disposes of the personal information.

(2)(a) An individual or commercial entity that discloses computerized data t

Free access — add to your briefcase to read the full text and ask questions with AI

(1) To protect personal information from unauthorized access, acquisition, destruction, use, modification, or disclosure, an individual or a commercial entity that conducts business in Nebraska and owns, licenses, or maintains computerized data that includes personal information about a resident of Nebraska shall implement and maintain reasonable security procedures and practices that are appropriate to the nature and sensitivity of the personal information owned, licensed, or maintained and the nature and size of, and the resources available to, the business and its operations, including safeguards that protect the personal information when the individual or commercial entity disposes of the personal information.
(2)(a) An individual or commercial entity that discloses computerized data that includes personal information about a Nebraska resident to a nonaffiliated, third-party service provider shall require by contract that the service provider implement and maintain reasonable security procedures and practices that:
(i) Are appropriate to the nature of the personal information disclosed to the service provider; and
(ii) Are reasonably designed to help protect the personal information from unauthorized access, acquisition, destruction, use, modification, or disclosure.
(b) This subsection does not apply to any contract entered into before July 19, 2018. Any such contract renewed on or after July 19, 2018, shall comply with the requirements of this subsection.
(3) An individual or a commercial entity complies with subsections (1) and (2) of this section if the individual or commercial entity:
(a) Complies with a state or federal law that provides greater protection to personal information than the protections that this section provides; or
(b) Complies with the regulations promulgated under Title V of the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq., or the Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. 1320d to 1320d-9, as such acts and sections existed on January 1, 2018, if the individual or commercial entity is subject to either or both of such acts or sections.