Oregon’s IoT Security Law

Earlier this year, Oregon passed H.B. 2395 that requires “reasonable security features” on internet-connected devices. The new law, which takes effect on January 1, 2020, applies to “a person that makes a connected device and sells or offers to sell the connected device” in Oregon.  “Connected device” means “any device or physical object that connects… Continue reading Oregon’s IoT Security Law

Recent Amendments to Oregon’s Data Breach Law

Oregon recently amended its data breach notification statute, now called the “Oregon Consumer Information Protection Act.”  The amendments, which go into effect on January 1, 2020, include the following changes: Expanding the definition of “personal information” to include “[a] user name or other means of identifying a consumer for the purpose of permitting access to the… Continue reading Recent Amendments to Oregon’s Data Breach Law

Oregon’s New Breach Notification Deadline

Recently passed amendments to Oregon’s Consumer Identity Theft Protection Act take effect on June 2, 2018. One of the most significant changes is to require notice to consumers, and Oregon’s Attorney General if the breach impacts more than 250 consumers, “not later than 45 days after discovering or receiving notification of the breach of security.”… Continue reading Oregon’s New Breach Notification Deadline

Oregon Legislation Alert

This week, Oregon lawmakers introduced a bill (HB4147) that would require companies to notify consumers within 45 days of discovering a data breach of their personal information. The so-called “Equifax Bill” also would prohibit companies from charging consumers or requesting their credit or debit card numbers to redeem offers for free credit card monitoring or a… Continue reading Oregon Legislation Alert