Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About

Trending Topics

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni

    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor & Employment
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations

    Industries

    View All

    • Cannabis
    • Consumer
    • Energy
    • Entertainment
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Non Profit
    • Real Estate
    • Technology

    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    1. Home
    2. Insights
    3. Articles
    4. Amended Oregon data protection act expands scope and regulates vendorsArticles

    Article

    Amended Oregon data protection act expands scope and regulates vendors

    July 15, 2019

    Share

    By Valerie Montague

    The updated law now requires vendors and subcontractors to send data breach notifications to their clients, as well as to the Oregon Attorney General.

    On May 20, 2019, an amendment to the Oregon Consumer Identity Theft Protection Act passed unanimously in the Oregon House and Senate, and Governor Kate Brown signed the bill into law on May 24, 2019.  This amendment changed the title of the state’s data protection law to the “Oregon Consumer Information Protection Act.”  It also expanded the scope of the law, updating the types of information considered “personal information” and mandating vendor notification of breaches.

    The amendment expands the definition of “personal information” to include user names or other information used to access a consumer’s online account.  Breaches of this information would require notification pursuant to the requirements of the act.

    In addition, vendors now are directly regulated under the act.  The amendment adds a definition of “covered entity”—a person owning, licensing, maintaining, storing, managing, collecting, processing, acquiring or otherwise possessing personal information in the course of its activities.  Persons contracting with such covered entities to maintain, store, manage, process or otherwise access personal information in the course of services provided to or on behalf of a covered entity are deemed “vendors” under the act. 

    The amendment specifies that vendors who discover a data breach, or who have reason to believe that a breach occurred, must notify the applicable covered entity no later than ten (10) days following discovery. Subcontractor vendors must notify the vendor with which they contract.  If a breach involved personal information of more than 250 consumers, or if the vendor cannot determine how many consumers are impacted by a breach, the vendor is required to notify the Oregon Attorney General (unless the applicable covered entity has already done so).

    Health care organizations and vendors regulated under HIPAA are exempt from the requirements of the act if the breached information is subject to HIPAA and they comply with their obligations under HIPAA. However, they must notify the Oregon Attorney General if the breach impacts more than 250 consumers.

    The amendment to the act takes effect on January 1, 2020.

    PrivacyData Breach

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • © 2023 Nixon Peabody. All rights reserved
    • Privacy Policy
    • Terms of Use
    • Statement of Client Rights
    • Supplier Diversity Program
    • Nixon Peabody International LLC
    • PAL