Libbie Canter, Lindsey Tonsager, Hensey A. Fenton III, and Jessica Ke of Covington and Burling write:
On April 17, the Nebraska governor signed the Nebraska Data Privacy Act (the “NDPA”) into law. Nebraska is the latest state to enact comprehensive privacy legislation, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Oregon, Texas, Florida, Delaware, New Jersey, New Hampshire, Kentucky, and Maryland. The NDPA will take effect on January 1, 2025. This blog post summarizes the statute’s key takeaways.
- Scope: Similar to Texas’s comprehensive privacy law, the NDPA does not use numerical thresholds of consumers’ data collected to determine applicability. Instead, the NDPA applies to persons who (1) conduct business in Nebraska or produce products or services consumed by Nebraska residents, and (2) process or sell personal data. The NDPA includes many exemptions present in other state comprehensive privacy laws, including exemptions for nonprofits, government entities, financial institutions, and protected health information under HIPAA, among others.
Read more at Inside Privacy.