Oregon’s New Breach Notification Deadline

Recently passed amendments to Oregon’s Consumer Identity Theft Protection Act take effect on June 2, 2018. One of the most significant changes is to require notice to consumers, and Oregon’s Attorney General if the breach impacts more than 250 consumers, “not later than 45 days after discovering or receiving notification of the breach of security.”… Continue reading Oregon’s New Breach Notification Deadline

72-Hour Breach Notification Rule

One of the most talked-about provisions in the GDPR is a new 72-hour breach notification requirement. Article 33 of the GPDR mandates that “in the case of a personal data breach, data controllers shall without undue delay” notify the supervisory authority “not later than 72 hours after having become aware of” the breach. The Article… Continue reading 72-Hour Breach Notification Rule

Oregon Legislation Alert

This week, Oregon lawmakers introduced a bill (HB4147) that would require companies to notify consumers within 45 days of discovering a data breach of their personal information. The so-called “Equifax Bill” also would prohibit companies from charging consumers or requesting their credit or debit card numbers to redeem offers for free credit card monitoring or a… Continue reading Oregon Legislation Alert

Oregon’s Data Breach Notification Law

If you do business in Oregon and own, maintain, or possess data about Oregon residents, you must comply with Oregon’s Consumer Identity Theft Protection Act (the “Act”). The Act requires the implementation of reasonable safeguards to protect the security, confidentiality, and integrity of personal information. Personal information is defined as: Social Security number, driver’s license… Continue reading Oregon’s Data Breach Notification Law