Nebraska Enacts Law Shielding Companies from Cybersecurity Class Actions
HIPAA Journal
|
Contributed by: Drex DeFord
Summary
On March 17, 2025, Nebraska Governor Jim Pillen enacted Legislative Bill 241, which limits private companies' liability in class action lawsuits stemming from cybersecurity incidents, reflecting a nationwide trend to protect businesses from the financial repercussions of data breaches. The law stipulates that such lawsuits are only permissible if there is evidence of willful or grossly negligent conduct by the company, encouraging organizations to adopt better cybersecurity practices without the fear of excessive legal repercussions. However, this protection does not apply to regulatory actions, such as those related to HIPAA violations, and it defines private companies broadly to include various entities affected by adverse cyber events.
