Posted on April 16, 2025
We use the L.O.C.K.E.D. acronym to explain the specific consumer privacy rights. Consumers can get a List of the specific entities that received their personal data or any personal data from a business. Consumers can Opt-out (say “no”) to a business selling, profiling, and...
Among other obligations, controllers must: Provide a privacy notice regarding the types of personal data the controller processes, the specific purpose(s) for processing data, whether and why the controller shares personal data with third parties, and information about how consumers...
Your nonprofit is responsible for all of the personal data that is in your possession. Make sure to conduct information audits. Check in with different departments to understand how data is entering your nonprofit. Sometimes there are disconnects between departments,...
Yes, for certain types of data and under certain circumstances. Consent is required to collect, store, or otherwise process all categories of “sensitive data,” as defined in the law (see above for more detail about this). Since the OCPA is...
Publicly available data and deidentified data are not “personal data” under the law. In other words, those two categories of data are exempt even though they may contain what could otherwise be personal data. Publicly available data is information that...
Sensitive data is a narrower subset of personal data and has extra legal protections under the privacy law. Sensitive data is any personal data revealing an individual’s racial or ethnic background, national origin, religious beliefs, mental or physical health conditions...
The privacy law only covers personal data. Personal data is any information that can be linked to an individual, including derived data. Personal data also includes any information that can be linked to an individual’s device or a household device...
It depends on several factors specific to your nonprofit. For example, some factors are how data flows throughout the organization, whether different associated entities utilize or have access to each other’s consumer personal data, and who has decision-making authority over...
No, the OCPA only applies to entities that meet certain thresholds. These thresholds are the same for nonprofits as they are for other kinds of businesses. The law applies to entities that conduct business in Oregon or that provide products...
Posted on October 16, 2024
Your method(s) of authentication should consider a number of factors: which data right a consumer is exercising; the type, sensitivity, value, and volume of personal data involved; the level of possible harm that improper access or use could cause to...