Skip to Content

Companies now must notify state of large data breaches

KTVZ

For the first time, the Oregon attorney general must now be notified when there has been a consumer data breach involving more than 250 Oregonians.

The new law, which went into effect Jan. 1 requires businesses and government agencies to notify the Oregon attorney general’s office when the personal data of at least 250 Oregonians has been compromised.

“The sheer amount of data that is collected and stored every day can be a treasure trove to the wrong person,” said Attorney General Ellen Rosenblum. “This law sees to it that when sensitive health or financial information is breached, the attorney general and consumers are notified and can search our website to determine whether a business or agency has properly reported a data breach. A big thank you to the 2015 Oregon Legislature for passing this important consumer law.”

The new law defines protected data to include any medical, health insurance or biometric information as well as Social Security numbers, government ID numbers or certain financial information.

Oregonians can search the names of companies or organizations that have reported data breaches here.

Under the new law, a company or state agency must notify the Oregon Department of Justice in a reasonable time if the personal information of 250 or more Oregonians has been breached. Breached entities can report a breach here

Article Topic Follows: News

Jump to comments ↓

KTVZ News Team

BE PART OF THE CONVERSATION

KTVZ NewsChannel 21 is committed to providing a forum for civil and constructive conversation.

Please keep your comments respectful and relevant. You can review our Community Guidelines by clicking here

If you would like to share a story idea, please submit it here.

Skip to content