WeVote

Bill

Bill

LB 602

Adopt the Data Elimination and Limiting Extensive Tracking and Exchange Act

109th Legislature (2025-2026) Introduced by Margo Juarez

LB 602 requires Nebraska data brokers to register, implement strong security, and provide a cross-broker deletion mechanism, with the Attorney General enforcing violations.

Title printed. Carryover bill
0
WeVote Research Nonpartisan
Bill Summary · LB 602

LB 602 — Data Elimination and Limiting Extensive Tracking and Exchange Act

Status: Notice of hearing for February 3, 2025
Introduced: January 22, 2025
Committee: Banking, Commerce and Insurance
Primary Sponsor: Senator Margo Juarez
Current Position: Referred to the Banking, Commerce and Insurance Committee; hearing scheduled

Purpose and Intent

LB 602 builds on Nebraska’s Data Privacy Act by adding (1) a formal registration regime for data brokers operating in Nebraska, (2) a comprehensive information security program requirement for data brokers, (3) a consumer data deletion mechanism across all registered brokers, and (4) exclusive authority for the Attorney General to pursue violations under the act. The bill aims to strengthen consumer protections around the collection, storage, use, and deletion of personal data, and to increase transparency and accountability for data brokers.

Key Provisions

  • Data Broker Registration
    Data brokers that maintain a website or mobile app and operate in Nebraska must register with the Nebraska Secretary of State (SOS). The SOS will publish and maintain a registry, enabling individuals to request deletion of their personal data from all registered brokers simultaneously.

  • Scope and Definitions
    The bill defines “data broker,” “authorized agent,” “direct relationship with a controller,” and “opt-out,” clarifying who is subject to the act and what constitutes data processing by a non-direct-relationship broker.

  • Delete Act (Consumer Data Deletion)
    The act creates a framework under which private individuals can request deletion of their personal data from all registered data brokers. The deletion mechanism is coordinated through the SOS registry to enable cross-broker deletion.

  • Website/Notice Requirements
    Data brokers must display a conspicuous, accessible notice on their website or app stating that they are a data broker, ensuring clarity and accessibility (including for individuals with disabilities), with content aligned to requirements set by the SOS.

  • Information Security Program
    Nebraska data brokers must develop, implement, and maintain a comprehensive information security program tailored to factors such as size, scope, data volume, and resources. Program components include:

    • Risk assessments and ongoing monitoring of internal and external risks
    • Training for employees and contractors
    • Third-party vendor oversight and contractually required security measures
    • Physical and logical security controls, access restrictions, incident response, and post-incident reviews
    • Regular (at least annual) reviews and updates to security measures
    • Protocols for secure authentication and access control
    • Procedures for protecting data stored outside broker premises
    • Documentation of responsive actions following security incidents
  • Enforcement
    The Attorney General is given exclusive authority to litigate violations of the act.

Who Is Affected

  • Data brokers operating in Nebraska (with online platforms or apps)
  • Consumers whose personal data is collected and processed by these brokers
  • The Secretary of State (registry administrator)
  • The Attorney General (enforcement)

Procedural and Timeline Notes

  • Introduced: January 22, 2025
  • Referred to Committee: January 24, 2025
  • Notice of Hearing: January 27, 2025
  • Hearing Date: February 3, 2025

Potential Impact

  • Enhanced consumer control over personal data, including a cross-broker deletion option.
  • Increased accountability and cybersecurity standards for data brokers.
  • Greater regulatory clarity and a centralized mechanism to manage privacy rights through the SOS registry.
  • Compliance costs and operational changes for data brokers (security programs, notices, and deletion workflow).

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.