Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · Nebraska · Chapter 87 — Trade Practices

87-1116. Data protection assessment; requirements; confidentiality.

396 words·~2 min read·/ne/chapter-87/87-1116

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

(1)A controller shall conduct and document a data protection assessment of each of the following processing activities involving personal data:
(a)The processing of personal data for purposes of targeted advertising;
(b)The sale of personal data;
(c)The processing of personal data for purposes of profiling, if the profiling presents a reasonably foreseeable risk of:
(i)Unfair or deceptive treatment of or unlawful disparate impact on any consumer;
(ii)Financial, physical, or reputational injury to any consumer;
(iii)A physical or other intrusion on the solitude or seclusion, or the private affairs or concerns, of any consumer, if the intrusion would be offensive to a reasonable person; or
(iv)Other substantial injury to any consumer;
(d)The processing of sensitive data; and
(e)Any processing activity that involves personal data that presents a heightened risk of harm to any consumer.
(2)A data protection assessment conducted under subsection
(1)of this section shall:
(a)Identify and weigh the direct or indirect benefits that may flow from the processing to the controller, the consumer, other stakeholders, and the public, against the potential risks to the rights of the consumer associated with that processing, as mitigated by safeguards that can be employed by the controller to reduce the risks; and
(b)Factor into the assessment:
(i)The use of deidentified data;
(ii)The reasonable expectations of consumers;
(iii)The context of the processing; and
(iv)The relationship between the controller and the consumer whose personal data will be processed.
(3)A controller shall make a data protection assessment requested under subsection
(2)of section 87-1121 available to the Attorney General pursuant to a civil investigative demand under section 87-1121 .
(4)A data protection assessment is confidential and exempt from disclosure as a public record pursuant to sections 84-712 to 84-712.09 . Disclosure of a data protection assessment in compliance with a request from the Attorney General does not constitute a waiver of attorney-client privilege or work-product protection with respect to the assessment and any information contained in the assessment.
(5)A single data protection assessment may address a comparable set of processing operations that include similar activities.
(6)A data protection assessment conducted by a controller for the purpose of compliance with other laws or regulations may constitute compliance with the requirements of this section if the assessment has a reasonably comparable scope and effect.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.