The Oregon Consumer Privacy Act will come into effect on July 1, 2024.
The OCPA is the eleventh comprehensive privacy law in the United States.
It has a lot of similarities to Montana and Texas’ laws.
Value Privacy’s experts are able to help your organization prepare and become fully compliant with any privacy laws that impact your business.
Who Does it Affect
Entities that conduct business in Oregon or provides products or services to Oregon residents and during a calendar year controls or processes:
- The personal data of 100,000 or more consumers, other than personal data controlled or processed solely for the purpose of completing a payment transaction; or
- The personal data of 25,000 or more consumers while deriving 25% or more of its annual gross revenue from selling personal data.
- Information protected under HIPAA, Gramm-Leach-Bliley Act, Driver’s Privacy Protection Act Family Educational Rights and Privacy Act, and the Airline Deregulation Act and specified employee-related information
- Public corporations
- State, local and special government bodies
- Financial institutions as defined under the Bank Holding Company Act
- Insurers which meet specified definitions under Oregon state law including non-profit organizations that are established in connection with insurance activities.
The right to confirm whether or not a controller is processing their personal data and to access that data.
Inaccuracies in their personal data, considering the nature of the data and the purposes of the processing of their data.
Personal data provided by or obtained about them.
The right to obtain a copy of their personal data that they previously provided to the controller in a portable and to the extent that is technically feasible, readily used format that allows them to transmit the data to another controller without hindrance, where the processing is carried out by automated means.
Of the processing of personal data for the purposes of: targeted advertising; the sale of personal data; or, profiling in advancing decisions that produce legal or similarly significant effects concerning the consumer.
The Oregon Attorney General is responsible for the enforcement of the Oregon Consumer Privacy Act and can seek civil penalties of up to $7,500 per violation.
There will be a 30-day cure period for organisations to rectify the issue before the Attorney General is able to bring any action. However this cure period will only last until January 1, 2026.
Value Privacy are on hand to make sure your business is compliant with data and privacy regulations. Whether you need a privacy health check or you want help to make sure you and your business are ready for the arrival of the Colorado Privacy Act, we’re here to help. You can find out more about what we do or contact us and have a chat about your needs.