283 | Nebraska Data Privacy Act
filed in the county in which such person maintains his or her principal place of business or in such other county as may be
agreed upon by the parties to such petition. Whenever any petition is filed in the district court of any county under this
section, such court shall have jurisdiction to hear and determine the matter so presented and to enter such order as may
be required to carry this section into effect. Disobedience of any order entered under this section by any court shall be
punished as a contempt thereof.
Sec. 24.
(1)  A person who violates the Data Privacy Act following the cure period described by section 22 of this act or who breaches
a written statement provided to the Attorney General under such section is liable for a civil penalty in an amount not to
exceed seven thousand five hundred dollars for each violation.
(2) The Attorney General may bring an action in the name of the State of Nebraska to:
(a) Recover a civil penalty under this section;
(b) Restrain or enjoin the person from violating the Data Privacy Act; or
(c) Recover the civil penalty and seek injunctive relief.
(3)  The Attorney General may recover reasonable attorney’s fees and other reasonable expenses incurred in investigating and
bringing an action under this section.
(4)  All money collected under this section shall be remitted to the State Treasurer for distribution in accordance with Article
VII, section 5, of the Constitution of Nebraska.
Sec. 25.
The Data Privacy Act shall not be construed as providing a 30 basis for, or being subject to, a private right of action for a
violation of the Data Privacy Act or any other law.
Sec. 26.
The Data Privacy Act shall not be construed to:
(1) Restrict a controller’s or processor’s ability to:
(a) Comply with federal, state, or local laws, rules, or regulations;
(b)  Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other
governmental authorities;
(c)  Cooperate with any law enforcement agency concerning conduct or activity that the controller or processor reasonably
and in good faith believes may violate any federal, state, or local law, rule, or regulation;
(d) Investigate, establish, exercise, prepare for, or defend legal claims;
(e)  Provide a product or service specifically requested by a consumer or the parent or guardian of a child, perform a contract
to which the consumer is a party, including fulfilling the terms of a written warranty, or take action at the request of the
consumer before entering into a contract;
(f)  Take immediate action to protect an interest that is essential for the life or physical safety of the consumer or of another
individual and in which the processing cannot be manifestly based on another legal basis;