On December 9, Oregon’s Attorney General, Ellen Rosenblum, announced to the Oregon House and Senate Judiciary Committee that she would be introducing legislation to expand existing personal data protections for Oregon consumers while implementing additional enforcement measures to combat non-compliance.
According to Ms. Rosenblum, Oregon’s laws have not kept up with the rapid increase in the use and maintenance of consumer data. As stated to reporters: “We essentially need a consumer bill of rights so that people know what their rights are online . . . There’s great things about technology, but we have to inform the people, we have to inform parents and the kids so we can be protected better online as well as offline.”
Ms. Rosenblum’s proposal would allow the state Department of Justice to more broadly enforce civil penalties against non-compliance with enhanced data privacy standards. Oregon’s present identity theft statutes ORS 646A.600‐628, vest the Director of the Department of Consumer and Business Services with enforcement authority.
Oregon’s push towards additional privacy protections follows a large data breach at the Oregon Employment Department and Secretary of State’s Office, which compromised the personal information of more than a million people.
According to the Oregon AG, retail data breaches have also compromised the personal information of 70 million customers worldwide, including 800,000 in Oregon.