Get Your Business Ready for a New Era of Data Privacy Regulations in Oregon

Alexandria Wagner-Jakubiak
Tonkon Torp LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Tonkon Torp LLP

 

The recent enactment of SB 19 (the Oregon Consumer Privacy Act or “OCPA”) will have varying impacts on a large portion of businesses (including nonprofits) operating within Oregon –especially those with websites. For those businesses required to follow the OCPA, understanding how it applies, its exemptions, and its key consumer rights, will be crucial to ensure compliance and avoid penalties.

Effective July 1, 2024, the OCPA introduces a framework outlining the responsibilities of covered businesses and entities in safeguarding consumer data and upholding individual privacy rights. The OCPA emphasizes data protection measures, data processing limitations, and the necessity of obtaining explicit consent where required (such as for sensitive data or changes in the way data is used). Key requirements include implementing robust data security safeguards, responding to consumer rights requests promptly, and maintaining transparent privacy notices. The OCPA applies to any non-exempt Oregon business that meets either of the following minimum processing thresholds on an annual basis:

  • Business controls or processes the personal data of 100,000 or more consumers (excluding personal data controlled or processed solely for purposes of completing a payment transaction)
  • Business has 25,000 or more consumers and derives more than 25% of its annual gross revenue from selling personal data

Oregon joins a growing list of states (now at 15 and counting) that have passed comprehensive privacy bills in the last few years. Businesses should carefully assess the way that they process data to ensure compliance with the upcoming OCPA obligations. From conducting data protection assessments to ensuring compliance with exceptions to processing limitations, we strongly urge businesses to proactively review their data handling practices. The OCPA brings a new era of data privacy regulation to Oregon and businesses will need to engage in internal discussions and seek guidance on navigating the intricacies of applicable privacy laws lest they face the consequences of non-compliance.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Tonkon Torp LLP | Attorney Advertising

Written by:

Tonkon Torp LLP
Tonkon Torp LLP
Contact
more
less

Tonkon Torp LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide