(1) A controller shall establish two or more secure and reliable methods to enable a consumer to submit a request to exercise consumer rights under the Data Privacy Act. The methods shall take into account:

Ask a business law question, get an answer ASAP!
Thousands of highly rated, verified business lawyers.
Click here to chat with a lawyer about your rights.

Terms Used In Nebraska Statutes 87-1111

  • Person: shall include bodies politic and corporate, societies, communities, the public generally, individuals, partnerships, limited liability companies, joint-stock companies, and associations. See Nebraska Statutes 49-801
  • Process: shall mean a summons, subpoena, or notice to appear issued out of a court in the course of judicial proceedings. See Nebraska Statutes 49-801
  • State: when applied to different states of the United States shall be construed to extend to and include the District of Columbia and the several territories organized by Congress. See Nebraska Statutes 49-801

(a) The ways in which consumers normally interact with the controller;

(b) The necessity for secure and reliable communications of those requests; and

(c) The ability of the controller to authenticate the identity of the consumer making the request.

(2) A controller shall not require a consumer to create a new account to exercise a consumer right under the Data Privacy Act, but may require a consumer to use an existing account.

(3) Except as provided by subsection (4) of this section, if the controller maintains an Internet website, the controller shall provide a mechanism on the website for a consumer to submit a request for information required to be disclosed under the Data Privacy Act.

(4) A controller that operates exclusively online and has a direct relationship with a consumer from whom the controller collects personal information is only required to provide an email address for the submission of a request described by subsection (3) of this section.

(5) A consumer may designate another person to serve as the consumer’s authorized agent and act on the consumer’s behalf to opt out of the processing of the consumer’s personal data under subdivisions (2)(e)(i) and (ii) of section 87-1107. A consumer may designate an authorized agent using a technology, including a link to an Internet website, an Internet browser setting or extension, or a global setting on an electronic device, that allows the consumer to indicate the consumer’s intent to opt out of the processing of the consumer’s personal data under subdivisions (2)(e)(i) and (ii) of section 87-1107. A controller shall comply with an opt-out request received from an authorized agent under this subsection if the controller is able to verify, with commercially reasonable effort, the identity of the consumer and the authorized agent’s authority to act on the consumer’s behalf. A controller is not required to comply with an opt-out request received from an authorized agent under this subsection if:

(a) The authorized agent does not communicate the request to the controller in a clear and unambiguous manner;

(b) The controller is not able to verify, with commercially reasonable effort, that the consumer is a resident of this state;

(c) The controller does not possess the ability to process the request; or

(d) The controller does not process similar or identical requests the controller receives from consumers for the purpose of complying with similar or identical laws or regulations of another state.

(6) A technology described by subsection (5) of this section:

(a) Shall not unfairly disadvantage another controller;

(b) Shall not make use of a default setting, but shall require the consumer to make an affirmative, freely given, and unambiguous choice to indicate the consumer’s intent to opt out of any processing of a consumer’s personal data; and

(c) Shall be consumer-friendly and easy to use by the average consumer.