Posted in on April 11, 2024
The law does not apply to data maintained for employment records purposes. Furthermore, the term “consumer” means an individual Oregon resident acting only in an individual or household context and does not include an individual acting as an employee or... View Article
Posted in on
The privacy law excludes some types of entities from complying with its requirements, even if those entities meet the threshold requirements. These entities include: State, local, and tribal governments; Financial institutions as defined in ORS 706.008; and Certain insurers as... View Article
Posted in on
Yes, publicly available data and deidentified data are not “personal data” under the law. In addition, the law does not apply to certain types of personal data maintained in compliance with specific federal privacy laws, such as the Health Insurance... View Article
Posted in on
Sensitive data includes: Any data revealing an individual’s racial or ethnic background, national origin, religious beliefs, mental or physical health conditions or diagnoses, sexual orientation, citizenship or immigration status, status as transgender or nonbinary, or status as a crime victim;... View Article
Posted in on
Personal data is any information that can be linked to an individual. Personal data also includes any information that can be linked to an individual’s device or a household device (like a cell phone or a smart appliance). Some controller... View Article
Posted in on
A “sale” is the exchange of personal data for monetary or other valuable consideration between a controller and a third party. ”Valuable consideration” is not limited to money. This could include a controller exchanging customer lists with a third party.... View Article
Posted in on
Processing refers to any action a controller may take with respect to personal data, including collecting, using, storing, selling, sharing, analyzing, or modifying the data.
Posted in on
The key distinction between a controller and a processor is their decision-making authority over personal data. Under the law, a processor may only process data at the request and under the direction of a controller. The processor is contractually bound... View Article
Posted in on
Yes, the law applies to vendors and service providers that maintain or provide services involving personal data on behalf of a controller. The individuals or entities that fit that description are called “processors.”
Posted in on
The law applies to any individual or entity that conducts business in Oregon or that provides products or services to Oregon residents if, during a calendar year, that individual or entity controls or processes the personal data of: at least... View Article
