Bill > LB241

This bill provides legal protection for private entities during cybersecurity incidents by establishing clear definitions and limiting their liability. The bill defines key terms such as "cybersecurity event" (unauthorized access or disruption of an information system), "information system" (electronic resources for managing nonpublic information, including specialized systems like industrial control networks), and "nonpublic information" (private details that can identify a person when combined with sensitive identifiers like social security numbers, financial account details, or biometric records). The bill also defines "private entity" as any non-government business organization, including corporations, nonprofits, and partnerships. The core provision of the bill is that a private entity cannot be held liable in a class action lawsuit resulting from a cybersecurity event unless the event was caused by willful, wanton, or gross negligence on the part of the entity. This legislation aims to provide some legal protection for businesses dealing with potential data breaches or system intrusions, while still maintaining a standard of reasonable care and accountability.

Business and Industry

https://nebraskalegislature.gov/bills/view_bill.php?DocumentID=59155