Posted in on April 11, 2024
Yes, for certain types of data and under certain circumstances. Consent is required to collect, store, or otherwise process all categories of “sensitive data”, as defined in the law (see question above for more detail about this). If the controller... View Article
Posted in on
Among other obligations, controllers must: Provide a privacy notice regarding the types of personal data the controller processes, the specific purpose(s) for processing data, whether and why the controller shares personal data with third parties, and information about how consumers... View Article
Posted in on
Generally, Oregon consumers have the following rights: The right to access personal data that has been collected about them. The right to know a list of the specific third parties that have received their personal data or any personal data... View Article
Posted in on
The law does not apply to data maintained for employment records purposes. Furthermore, the term “consumer” means an individual Oregon resident acting only in an individual or household context and does not include an individual acting as an employee or... View Article
Posted in on
The privacy law excludes some types of entities from complying with its requirements, even if those entities meet the threshold requirements. These entities include: State, local, and tribal governments; Financial institutions as defined in ORS 706.008; and Certain insurers as... View Article
Posted in on
Yes, publicly available data and deidentified data are not “personal data” under the law. In addition, the law does not apply to certain types of personal data maintained in compliance with specific federal privacy laws, such as the Health Insurance... View Article
Posted in on
Sensitive data includes: Any data revealing an individual’s racial or ethnic background, national origin, religious beliefs, mental or physical health conditions or diagnoses, sexual orientation, citizenship or immigration status, status as transgender or nonbinary, or status as a crime victim;... View Article
Posted in on
Personal data is any information that can be linked to an individual. Personal data also includes any information that can be linked to an individual’s device or a household device (like a cell phone or a smart appliance). Some controller... View Article
Posted in on
A “sale” is the exchange of personal data for monetary or other valuable consideration between a controller and a third party. ”Valuable consideration” is not limited to money. This could include a controller exchanging customer lists with a third party.... View Article
Posted in on
Processing refers to any action a controller may take with respect to personal data, including collecting, using, storing, selling, sharing, analyzing, or modifying the data.