Nebraska recently amended its data breach notification law to expand the definition of “personal information,” strengthen its breach notification requirements, and clarify encryption standards.  Nebraska’s action continues the trend of states’ broadening the scope of their notification requirements beyond financial account, Social Security, and driver’s license numbers, thereby increasing the number of companies that have to notify affected individuals and regulators.  These amendments become effective July 20, 2016.