Senate Bill: 583
Oregon Revenue Statute: §§ 646A.602 to .604
Effective Date: October 1, 2007
Definition of Personal Information: A consumer’s first name or first initial and last name in combination with any one or more of the following data elements, when the data elements are not rendered unusable through encryption, redaction or other methods, or when the data elements are encrypted and the encryption key has also been acquired:
(a) Social security number;
(b) Driver’s license number or state identification card number issued by the Department of Transportation;
(c) Passport number or other United States issued identification number; or
(d) Financial account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to a consumer’s financial account.
Summary: Any person that owns, maintains or otherwise possesses data that includes a consumer’s personal information that is used in the course of the person’s business, vocation, occupation or volunteer activities and was subject to a breach of security shall give notice of the breach of security following discovery of such breach of security to any consumer whose personal information was included in the information that was breached. The disclosure notification shall be made in the most expeditious time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and consistent with any measures necessary to determine sufficient contact information for the consumers, determine the scope of the breach and restore the reasonable integrity, security and confidentiality of the data. In addition, any person that maintains or otherwise possesses personal information on behalf of another person shall notify the owner or licensor of the information of any breach of security immediately following discovery of such breach of security if a consumer’s personal information was included in the information that was breached.
Visit the state Web site