The Nebraska Legislature has given first-round approval to LB 241, a bill aimed at raising the bar for filing class-action lawsuits in state courts against private entities following cybersecurity breaches. The bill would change the standard of negligence required to file such lawsuits, raising it from ordinary negligence to willful, wanton, or gross negligence. This adjustment seeks to ensure that private entities only face legal action for breaches that are more severe or intentional, rather than for simple negligence.
Supporters of the bill argue that it is necessary to prevent frivolous lawsuits and ensure that businesses are not overwhelmed by legal claims for incidents that might be accidental or due to minor negligence. Bob Hallstrom, the sponsor of the bill, emphasized that it would not completely block individuals from filing civil suits. Instead, it would raise the threshold for cases where gross negligence or willful misconduct is involved, leaving room for legal action in cases of ordinary negligence.
However, the bill has faced significant opposition, particularly from lawmakers like Sen. George Dungan, who argue that it restricts access to legal recourse for individuals. Dungan pointed out that cybersecurity breaches, such as stolen passwords or incidents at banks, have become common occurrences. He expressed concerns that raising the standard of proof to gross negligence would prevent legitimate cases from being heard, making it harder for individuals to seek justice in cases of data breaches that affect their personal security.
Despite these concerns, the bill has advanced with a 33-9 vote, reflecting strong support among legislators for tightening the requirements for cybersecurity-related lawsuits.
The next steps in the legislative process will involve further debates and discussions on the implications of the bill. If passed into law, it could significantly impact how individuals and businesses handle legal action following cybersecurity breaches in Nebraska.
