Magazine article Business Credit

Oregon Passes New Data Security Law

Magazine article Business Credit

Oregon Passes New Data Security Law

Article excerpt

Following in the footsteps of a nearly decade-long legislative trend, Oregon Governor Theodore Kulongoski recently signed into law State Senate Bill 583, a new stringent set of regulations regarding business and government agencies' responsibility to guard sensitive customer information.

The prominent feature of S.B. 583 is its regulations related to notification requirements when a data breach occurs. "Breach of security" is defined in the bill as the "unauthorized acquisition of computerized data that materially compromises the security, confidentiality or integrity of personal information maintained by the person." Once a breach is confirmed, businesses must notify residents of the breach and that their personal information has been compromised unless, however, an investigation is conducted by an appropriate law enforcement agency and it is determined that there is "no reasonable likelihood" of harm.

Personal information is defined as the consumer's first name or first initial and last name combined with one other item of personally identifiable information, namely, a social security number, driver's license or state ID card number, passport or other government issue ID number or financial account number including password or security code information. It should also be noted that the law doesn't require the individual's name to be directly connected to the other data element to constitute an instance that requires notification, only that the lost data is "sufficient to permit a person to commit identity theft. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.