Archives

How does my nonprofit evaluate what personal data we possess?

Posted in on April 16, 2025

Your nonprofit is responsible for all of the personal data that is in your possession. Make sure to conduct information audits. Check in with different departments to understand how data is entering your nonprofit. Sometimes there are disconnects between departments,... View Article

Is consent required to process personal data under the law?

Posted in on

Yes, for certain types of data and under certain circumstances. Consent is required to collect, store, or otherwise process all categories of “sensitive data,” as defined in the law (see above for more detail about this). If the nonprofit entity... View Article

Are there any types of consumer data that do not qualify as personal data?

Posted in on

Publicly available data and deidentified data are not “personal data” under the law. In other words, those two categories of data are exempt even though they may contain what could otherwise be personal data. Publicly available data is information that... View Article

What is sensitive data and how does it differ from personal data?

Posted in on

Sensitive data is a narrower subset of personal data and has extra legal protections under the privacy law. Sensitive data is any personal data revealing an individual’s racial or ethnic background, national origin, religious beliefs, mental or physical health conditions... View Article

How does the law define personal data?

Posted in on

The privacy law only covers personal data. Personal data is any information that can be linked to an individual, including derived data. Personal data also includes any information that can be linked to an individual’s device or a household device... View Article

My nonprofit has a complex hierarchy/structure. How do I determine whether it meets the minimum OCPA threshold for consideration?

Posted in on

It depends on several factors specific to your nonprofit. For example, some factors are how data flows throughout the organization, whether different associated entities utilize or have access to each other’s consumer personal data, and who has decision-making authority over... View Article

Does the privacy law apply to all nonprofits?

Posted in on

No, the OCPA only applies to entities that meet certain thresholds. These thresholds are the same for nonprofits as they are for other kinds of businesses. The law applies to entities that conduct business in Oregon or that provide products... View Article

When does the law apply to nonprofits?

Posted in on

While the OCPA went into effect on July 1, 2024, its application to nonprofit entities begins on July 1, 2025, and is not retroactive. In other words, compliance for nonprofits must start with existing data/collection/consent as of that date. However,... View Article

Oregon Department of Justice

Media

Archives

How does my nonprofit evaluate what personal data we possess?

Is consent required to process personal data under the law?

Are there any types of consumer data that do not qualify as personal data?

What is sensitive data and how does it differ from personal data?

How does the law define personal data?

My nonprofit has a complex hierarchy/structure. How do I determine whether it meets the minimum OCPA threshold for consideration?

Does the privacy law apply to all nonprofits?

When does the law apply to nonprofits?