Nebraska lawmakers have advanced a bill that would shield private companies from class-action lawsuits stemming from data breaches, unless the breach resulted from willful, wanton, or gross negligence. Sponsored by Senator Bob Hallstrom of Syracuse, Legislative Bill 241 received first-round approval on Wednesday after a 33-9 vote, moving it to the next stage of debate.
Hallstrom and Republican supporters argue the bill is necessary to protect small businesses from excessive litigation and costly settlements when cybersecurity breaches occur despite reasonable precautions. However, opponents, including Senator Terrell McKinney of Omaha, warn that raising the standard of proof from negligence to gross negligence makes it significantly harder to hold companies accountable for failing to properly safeguard consumer data.
Democratic Senator Megan Hunt of Omaha criticized the bill as corporate favoritism, arguing it prioritizes businesses over consumer protection. Despite these concerns, Senator Eliot Bostar of Lincoln, a Democrat, joined 32 conservatives in supporting the measure.
The bill comes amid growing scrutiny over cybersecurity and data protection in Nebraska. In December, the state filed a lawsuit against a health care payment processor over a major data breach that exposed sensitive financial and health information of at least 575,000 Nebraskans. At the time, Attorney General Mike Hilgers emphasized the role of state attorneys general as one of the few entities capable of challenging large corporations in consumer protection cases.
While LB 241 would not prevent individual lawsuits for negligence, it would make it significantly harder for groups of consumers to sue companies over data breaches. The bill now moves to the second of three rounds of debate in Nebraska’s Legislature.
Comments