Data breach notification requirements considered

Consumers affected by data breaches would be provided additional information under a bill heard by the Judiciary Committee Jan. 30.

LB61, introduced by Gretna Sen. John Murante, would require an individual or commercial entity to notify the attorney general’s office in the event of a data breach. Currently, the act only requires that notice be given to the consumer in the event of a data breach.

Failure to comply with the notification requirements would constitute a deceptive trade practice under the bill.

“In 2012 over 800,000 Nebraskans were affected by security breaches that made them vulnerable to identity theft,” Murante said. “We should be doing everything we can to ensure Nebraskans have the information they need to protect themselves from identity theft, and this bill would do that.”

Chief Deputy Attorney General David Cookson testified in support of the bill, saying certain companies only notify consumers when a security breach has taken place and do not provide them with useful information. In such instances, he said, consumers contact the attorney general’s office seeking guidance.

“This bill would provide more certainty for consumers,” Cookson said.

No one testified in opposition and the committee took no immediate action on the bill.