Latest Oregon Infringement Notification Law Becomes Effective

Companies doing business in the state of Oregon should now abide by the latest data infringement law that became effective on January 1, 2016. If a data infringement is suffered that reveals the personal information of over 250 state residents, an infringement notice should be presented to the Oregon Attorney General.

On June 10 previous year, Kate Brown, Oregon Governor initialed the latest rule (Oregon Amended Laws 646A.604) revising the Oregon Consumer Identity Robbery Safety Law of 2007. The change extended the meaning of “personal information” to incorporate biometric data like an iris or retina images as well as fingerprints, and also health and medical insurance information.

Additional data categorized as personal information incorporate Drivers’ license numbers, government ID numbers, Social Security numbers, and financial information, including debit or credit card number in combination with any required access code, security code or password. The revelation of any of those data elements together with a person’s last name or full name and initial needs an infringement notice to be issued. Oregon is among a few states that need an infringement notification to be issued even if a person’s name isn’t revealed if it would be possible for an individual to be recognized by the revealed data.

Under Oregon law, a data infringement is described as “illegal acquisition of computer data which materially compromises the integrity, confidentiality or security of private information that an entity maintains.”

Under the latest Oregon infringement notification rule, if a data infringement is suffered which affects over 250 state residents, an infringement notice should be submitted by electronic means through a new website created exclusively to record data infringements, like that generated by the California Attorney General.

In addition to showing the day that the infringement was suffered, the day that the infringement was reported to the attorney general, and the day infringement notices were sent to consumers is shown on the website too.

The site may be used by consumers to look for companies which have suffered data infringement that has affected Oregon inhabitants and see whether companies have reported those infringements properly.

Ellen Rosenblum, Oregon attorney general recently expressed thanks to the 2015 Oregon Parliament for passing the latest law, which will make sure that state residents are better safeguarded.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.