202 sections in this chapter.
Neb. Rev. Stat. § 87-1001 Act, how cited.
0.1K chars
Sections 87-1001 to 87-1005 shall be known and may be cited as the Online Age Verification Liability Act.
Neb. Rev. Stat. § 87-1002 Terms, defined.
3.0K chars
For purposes of the Online Age Verification Liability Act: (1) Commercial entity includes a corporation, limited liability company, partnership, limited partnership, sole proprietorship, or other legally recognized entity; (2) Digitized identification card means a data file that …
Neb. Rev. Stat. § 87-1003 Commercial entity; reasonable age verification method; required; when.
0.5K chars
(1) A commercial entity shall not knowingly and intentionally publish or distribute material harmful to minors on the Internet on a website that contains a substantial portion of such material unless the entity uses a reasonable age verification method to verify the age of an ind…
Neb. Rev. Stat. § 87-1004 Civil action; authorized.
0.8K chars
(1) A person aggrieved by a violation of section 87-1003 may bring a civil action against the commercial entity or third party which engaged in that violation to recover such relief as may be appropriate. (2) In an action under this section, appropriate relief includes: (a) Such …
Neb. Rev. Stat. § 87-1005 Applicability of act.
0.7K chars
(1) The Online Age Verification Liability Act shall not apply to any news-gathering organization or any bona fide news or public interest broadcast, website video, or report. (2) An Internet utility does not violate the Online Age Verification Liability Act solely by providing ac…
Repealed. Laws 1967, c. 627, § 17, p. 2099.
0.0K chars
[Repealed or reserved.]
Repealed. Laws 1967, c. 627, § 17, p. 2099.
0.0K chars
[Repealed or reserved.]
Repealed. Laws 1967, c. 627, § 17, p. 2099.
0.0K chars
[Repealed or reserved.]
Repealed. Laws 1967, c. 627, § 17, p. 2099.
0.0K chars
[Repealed or reserved.]
Repealed. Laws 1967, c. 627, § 17, p. 2099.
0.0K chars
[Repealed or reserved.]
Repealed. Laws 1967, c. 627, § 17, p. 2099.
0.0K chars
[Repealed or reserved.]
Repealed. Laws 1967, c. 627, § 17, p. 2099.
0.0K chars
[Repealed or reserved.]
Repealed. Laws 1967, c. 627, § 17, p. 2099.
0.0K chars
[Repealed or reserved.]
Repealed. Laws 1967, c. 627, § 17, p. 2099.
0.0K chars
[Repealed or reserved.]
Repealed. Laws 1967, c. 627, § 17, p. 2099.
0.0K chars
[Repealed or reserved.]
Neb. Rev. Stat. § 87-1101 Act, how cited.
0.1K chars
Sections 87-1101 to 87-1130 shall be known and may be cited as the Data Privacy Act.
Neb. Rev. Stat. § 87-1102 Terms, defined.
11.4K chars
For purposes of the Data Privacy Act: (1) Affiliate means a legal entity that controls, is controlled by, or is under common control with another legal entity or shares common branding with another legal entity. For purposes of this subdivision, control or controlled means: (a) T…
Neb. Rev. Stat. § 87-1103 Applicability of act to persons or entities.
1.5K chars
(1) The Data Privacy Act applies only to a person that: (a) Conducts business in this state or produces a product or service consumed by residents of this state; (b) Processes or engages in the sale of personal data; and (c) Is not a small business as determined under the federal…
Neb. Rev. Stat. § 87-1104 Information and records to which act is not applicable.
4.2K chars
The Data Privacy Act does not apply to the following: (1) Protected health information under the Health Insurance Portability and Accountability Act; (2) Health records; (3) Patient identifying information for purposes of 42 U.S.C. 290dd-2, as such section existed on January 1, 2…
Neb. Rev. Stat. § 87-1105 Personal or household activity.
0.1K chars
The Data Privacy Act does not apply to the processing of personal data by a person in the course of a purely personal or household activity.
Neb. Rev. Stat. § 87-1106 Federal Children's Online Privacy Protection Act of 1998; compliance; effect.
0.5K chars
A controller or processor that complies with the verifiable parental consent requirements of the federal Children's Online Privacy Protection Act of 1998, 15 U.S.C. 6501 et seq., and the rules, regulations, and guidance adopted and promulgated under such act as such act, rules, r…
Neb. Rev. Stat. § 87-1107 Consumer rights; request to exercise.
1.4K chars
(1) A consumer may at any time submit a request to a controller specifying the consumer rights the consumer wishes to exercise. With respect to the processing of personal data belonging to a known child, a parent or legal guardian of the child may exercise the consumer rights on …
Neb. Rev. Stat. § 87-1108 Controller; compliance; procedure.
2.5K chars
(1) Except as otherwise provided in the Data Privacy Act, a controller shall comply with a request submitted by a consumer to exercise the consumer's rights pursuant to section 87-1107. (2) A controller shall respond to the consumer request without undue delay within forty-five d…
Neb. Rev. Stat. § 87-1109 Appeal process.
0.9K chars
(1) A controller shall establish a process for a consumer to appeal the controller's refusal to take action on a request within a reasonable period of time after the consumer's receipt of the decision under subsection (3) of section 87-1108. (2) The appeal process must be conspic…
Repealed. Laws 2000, LB 626, § 22.
0.0K chars
[Repealed or reserved.]
Neb. Rev. Stat. § 87-1110 Consumer right; waiver or limitation; unenforceable.
0.2K chars
Any provision of a contract or agreement that waives or limits in any way a consumer right described in sections 87-1107 to 87-1109 is contrary to public policy and is void and unenforceable.
Neb. Rev. Stat. § 87-1111 Consumer right; method to submit request.
3.1K chars
(1) A controller shall establish two or more secure and reliable methods to enable a consumer to submit a request to exercise consumer rights under the Data Privacy Act. The methods shall take into account: (a) The ways in which consumers normally interact with the controller; (b…
Neb. Rev. Stat. § 87-1112 Controller; personal data; requirements on collection and use.
2.2K chars
(1) A controller: (a) Shall limit the collection of personal data to what is adequate, relevant, and reasonably necessary in relation to the purposes for which that personal data is processed, as disclosed to the consumer; and (b) For purposes of protecting the confidentiality, i…
Neb. Rev. Stat. § 87-1113 Privacy notice; required; contents.
0.9K chars
A controller shall provide each consumer with a reasonably accessible and clear privacy notice that includes: (1) The categories of personal data processed by the controller, including, if applicable, any sensitive data processed by the controller; (2) The purpose for processing …
Neb. Rev. Stat. § 87-1114 Personal data; sale; process for advertising; disclosure; consumer action.
0.3K chars
If a controller sells personal data to any third party or processes personal data for targeted advertising, the controller shall clearly and conspicuously disclose that process and the manner in which a consumer may exercise the right to opt out of that process.
Neb. Rev. Stat. § 87-1115 Processor; duties; controller and processor, contract; requirements; liability.
3.4K chars
(1) A processor shall adhere to the instructions of a controller and shall assist the controller in meeting or complying with the controller's duties or requirements under the Data Privacy Act, including: (a) Assisting the controller in responding to consumer rights requests subm…
Neb. Rev. Stat. § 87-1116 Data protection assessment; requirements; confidentiality.
2.6K chars
(1) A controller shall conduct and document a data protection assessment of each of the following processing activities involving personal data: (a) The processing of personal data for purposes of targeted advertising; (b) The sale of personal data; (c) The processing of personal…
Neb. Rev. Stat. § 87-1117 Deidentified data.
2.1K chars
(1) A controller in possession of deidentified data shall: (a) Take reasonable measures to ensure that the data cannot be associated with an individual; (b) Publicly commit to maintaining and using deidentified data without attempting to reidentify the data; and (c) Contractually…
Neb. Rev. Stat. § 87-1118 Sensitive data; sale; consent required.
0.3K chars
(1) A person described by subdivision (1)(c) of section 87-1103 shall not engage in the sale of personal data that is sensitive data without receiving prior consent from the consumer. (2) A person who violates this section is subject to the penalty under section 87-1124.
Neb. Rev. Stat. § 87-1119 Attorney General; enforcement.
0.1K chars
The Attorney General has exclusive authority to enforce the Data Privacy Act.
Repealed. Laws 2000, LB 626, § 22.
0.0K chars
[Repealed or reserved.]
Neb. Rev. Stat. § 87-1120 Attorney General; duties.
0.4K chars
The Attorney General shall post on the Attorney General's website: (1) Information relating to: (a) The responsibilities of a controller under the Data Privacy Act; (b) The responsibilities of a processor under the Data Privacy Act; and (c) A consumer's rights under the Data Priv…
Neb. Rev. Stat. § 87-1121 Attorney General; powers.
0.6K chars
(1) If the Attorney General has reasonable cause to believe that a controller or processor has engaged in or is engaging in a violation of the Data Privacy Act, the Attorney General may issue a civil investigative demand pursuant to section 87-1123. (2) The Attorney General may r…
Neb. Rev. Stat. § 87-1122 Controller or processor; notification of violations; response.
0.9K chars
Before bringing an action under section 87-1124, the Attorney General shall notify a controller or processor in writing, not later than the thirtieth day before bringing the action, identifying the specific provisions of the Data Privacy Act the Attorney General alleges have been…
Neb. Rev. Stat. § 87-1123 Civil investigative demand; procedure.
6.1K chars
(1) Whenever the Attorney General believes that any person may be in possession, custody, or control of any original or copy of any book, record, report, memorandum, paper, communication, tabulation, map, chart, photograph, mechanical transcription, or other tangible document or …
Neb. Rev. Stat. § 87-1124 Violation; penalty; actions authorized.
0.9K chars
(1) A person who violates the Data Privacy Act following the cure period described by section 87-1122 or who breaches a written statement provided to the Attorney General under such section is liable for a civil penalty in an amount not to exceed seven thousand five hundred dolla…
Neb. Rev. Stat. § 87-1125 Private right of action.
0.2K chars
The Data Privacy Act shall not be construed as providing a basis for, or being subject to, a private right of action for a violation of the Data Privacy Act or any other law.
Neb. Rev. Stat. § 87-1126 Act, how construed.
3.1K chars
The Data Privacy Act shall not be construed to: (1) Restrict a controller's or processor's ability to: (a) Comply with federal, state, or local laws, rules, or regulations; (b) Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, s…
Neb. Rev. Stat. § 87-1127 Controller or processor; requirements of act; applicability.
1.1K chars
(1) The requirements imposed on any controller or processor under the Data Privacy Act shall not restrict a controller's or processor's ability to collect, use, or retain data to: (a) Conduct internal research to develop, improve, or repair products, services, or technology; (b) …
Neb. Rev. Stat. § 87-1128 Third-party controller or processor; affect on violation.
0.8K chars
(1) A controller or processor that discloses personal data to a third-party controller or processor, in compliance with any requirement of the Data Privacy Act, does not violate the Data Privacy Act if the third-party controller or processor that receives and processes that perso…
Neb. Rev. Stat. § 87-1129 Personal data; processing; restrictions.
1.6K chars
(1) Personal data processed by a controller under sections 87-1126 to 87-1129 may not be processed for any purpose other than a purpose listed in sections 87-1126 to 87-1129 unless otherwise allowed by the Data Privacy Act. Personal data processed by a controller under sections 8…
Repealed. Laws 2000, LB 626, § 22.
0.0K chars
[Repealed or reserved.]
Neb. Rev. Stat. § 87-1130 Preemption of local law.
0.2K chars
The Data Privacy Act supersedes and preempts any ordinance, resolution, rule, or other regulation adopted by a political subdivision regarding the processing of personal data by a controller or processor.
Repealed. Laws 2000, LB 626, § 22.
0.0K chars
[Repealed or reserved.]
Repealed. Laws 2000, LB 626, § 22.
0.0K chars
[Repealed or reserved.]