Skip to main content
Find a Lawyer

Nebraska Revised Statutes Chapter 87. Trade Practices § 87-1108. Controller; compliance; procedure

Current as of January 01, 2024 | Updated by Findlaw Staff

(1) Except as otherwise provided in the Data Privacy Act, a controller shall comply with a request submitted by a consumer to exercise the consumer's rights pursuant to section 87-1107.

(2) A controller shall respond to the consumer request without undue delay within forty-five days after the date of receipt of the request. The controller may extend the response period once by an additional forty-five days when reasonably necessary, taking into account the complexity and number of the consumer's requests, so long as the controller informs the consumer of the extension within the initial forty-five-day response period, together with the reason for the extension.

(3) If a controller declines to comply with a consumer's request, the controller shall inform the consumer within forty-five days after the date of receipt of the request of the justification for declining to comply and provide instructions on how to appeal the decision to the Attorney General in accordance with section 87-1109.

(4) A controller shall provide information in response to a consumer request free of charge, up to twice annually per consumer. If a request from a consumer is manifestly unfounded, excessive, or repetitive, the controller may charge the consumer a reasonable fee to cover the administrative costs of complying with the request or may decline to act on the request. The controller bears the burden of demonstrating that a request is manifestly unfounded, excessive, or repetitive.

(5) If a controller is unable to authenticate the request using commercially reasonable efforts, the controller is not required to comply with a consumer request submitted under section 87-1107 and may request that the consumer provide additional information reasonably necessary to authenticate the consumer's identity and the consumer's request.

(6) A controller that has obtained personal data about a consumer from a source other than the consumer is in compliance with a consumer's request to delete such personal data pursuant to subdivision (2)(c) of section 87-1107 by:

(a) Retaining a record of the deletion request and the minimum data necessary for the purpose of ensuring the consumer's personal data remains deleted from the business's records and not using the retained data for any other purpose under the Data Privacy Act; or

(b) Opting the consumer out of the processing of that personal data for any purpose other than a purpose that is exempt under the Data Privacy Act.

Previous Part of Code Next Part of Code
Back to Chapter List

Cite this article: FindLaw.com - Nebraska Revised Statutes Chapter 87. Trade Practices § 87-1108. Controller; compliance; procedure - last updated January 01, 2024 | https://codes.findlaw.com/ne/chapter-87-trade-practices/ne-rev-st-sect-87-1108/

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.

Was this helpful?

Welcome to FindLaw's Cases & Codes

A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw’s Learn About the Law.

Go to Learn About the Law

Latest Blog Posts

For Legal Professionals

Learn About The Law

Get help with your legal needs

FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.

Go to Learn About the Law

Need to Find an Attorney?

Search our directory by legal issue

Enter information in one or both fields (Required)

Copied to clipboard