Nebraska lawmakers voted 34-0 during the first round of voting on a bill introduced by Senator Adam Morfield. The bill seeks to further protect Nebraska residents when their personal information is exposed during a data breach. It was introduced after the massive data breach at Equifax in 2014, which compromised the personal information of over 145 Americans and 700,000 Nebraskans.
Legislative Bill 757 proposed changes on the Credit Report Protection Act and the Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006. The proposal seeks to help prevent data breaches and make sure that the breached entity takes proper action after a breach.
Sen. Morfield saw how big an impact the Equifax breach had on Nebraskans. Moreover, he noted the actions that Equifax took after the breach. The firm only provided the breach victims 12 months of free credit monitoring services. In excess of one year, the victims would have to pay for credit monitoring. Also, if they want to freeze their accounts, they have to pay because this service is not free of charge.
While Equifax offered one-year credit monitoring services for free on one hand, they offered chargeable credit freezes on their site on the other hand. It seemed to Nebraska Attorney General Dough Peterson that Equifax using its own data breach to sell their services to the breach victims.
The bill proposal is to make placing and removing credit freezes on accounts free of charge. This applies to the accounts of individuals whose personal data was exposed due to a security breach experienced by the credit reporting agencies. In the original bill, the requirement is to offer lifetime free credit reporting services to breach victims. But many from the industry criticized this requirement and so it was amended.
In addition, the new bill will require credit agencies as well as third-party companies that obtained consumer data to maintain “reasonable security procedures and practices.” The state attorney general will be given greater authority to pursue legal action against violating companies and collect damages for consumers.
This bill will also apply to any individual or commercial entity that conducts business in Nebraska and maintains personal data of Nebraska residents. If a company already complies with federal legislation that gives the same or higher levels of consumer protection, it would be regarded as compliant to the requirements of Legislative Bill 757.
Even if the bill got a unanimous vote, there were some Senators who were concerned about the impact the proposed bill on consumers and the credit reporting industry. Some were also concerned that the bill could result in higher costs for consumers. Before finally writing the bill into state legislature, it would need to pass two more votes.