Oregon Amends Provisions Regarding Breach of Security of Personal Information
Oregon Senate Bill 1551 creates new provisions and amends existing provisions regarding personal information that is subject to breach of security. These provisions require those that possess personal information that was subject to breach of security to notify those affected by the breach.
One key amendment in Oregon Senate bill 1551 is the definition of “personal information.” Previously this definition included:
- first and last names/initials
- Social Security numbers
- driver license numbers
- passport numbers
- financial account numbers.
The definition has been amended to also include “any other information or combination of information that a person reasonably knows or should know would permit access to the consumer’s financial account” (ORS 646A.602(11)(A)(iv)).
Previously, only those that possessed personal information subject to a breach of security were required to provide notice of the breach of security; the amended provisions also require those that “received notice of a breach of security from another person that maintains or otherwise possesses personal information on the person’s behalf…” to give notice of the security breach to the consumer affected and the Attorney General, if more than 250 consumers are entitled to notice (ORS 646A.604(1)). Notice may be provided either in writing or electronically (ORS 646A.604(4)). Additionally, reasonable steps must be taken to: determine contact information of those effected, understand the scope of the breach, and restore security (ORS 646A.604(3)).
The full text of Oregon Senate Bill 1551 can be found here: https://olis.leg.state.or.us/liz/2018R1/Downloads/MeasureDocument/SB1551
Comments are closed.