As we recently noted, Washington state amended its data breach notification law on May 7 to expand the definition of “personal information” and shorten the notification deadline (among other changes). Not to be outdone by its sister state to the north, Oregon followed suit shortly thereafter—Senate Bill 684 passed unanimously in both

As we noted last month, Washington’s efforts to follow California’s lead in passing its own GDPR-like law have stalled after the bill failed to make its way through the state’s House of Representatives—despite overwhelming approval in the Senate (where it passed 46-1).  That bill’s sponsor has promised to revisit the issue during

Oregon Governor Kate Brown signed a bill last month toughening the state’s already stringent data breach notification law, which will take effect on June 2, 2018.  The most significant change for companies to be aware of is the requirement that affected consumers be notified no later than 45 days following discovery of a breach.  Additionally,