Spotlight: Privacy

Safeguarding Consumer Privacy

Consumer privacy is a key issue for the Oregon Department of Justice (DOJ) and Attorney General Ellen F. Rosenblum. Rapid changes in technology and information sharing have raised new privacy challenges. The sheer amount of information produced, collected and stored about Oregonians is expanding rapidly, and the data collected is more sensitive than ever. Health trackers, online banking, home security systems and even our cars are presenting new privacy and security challenges.

AG Rosenblum is committed to making the online marketplace safer and more straightforward for Oregonians. In 2017, AG Rosenblum supported the Oregon legislature’s passage of a bill designed to hold companies accountable for their online privacy policies. Under the law, Oregon’s Unlawful Trade Practices Act — passed in the 1970s — now applies to the privacy terms consumers agree to prior to downloading an app or other online tools.

Student Privacy

Educators and students across Oregon are using new online services to enhance classroom learning. Many of these services track, collect and store sensitive student information according to their own privacy policies, which may be inadequate.

In 2015 AG Rosenblum helped pass a law that prohibits online educational sites, services, and applications from compiling, sharing or disclosing student information for any purpose other than educational purposes. The Oregon Student Information Protection Act balances protecting our students while giving companies room to develop and thrive in the digital education market. You can read the Oregon Student Information Protection Act here: Oregon Revised Statutes 336.184 »

Data Security

Oregon businesses and governments have an existing duty to provide reasonable security for Oregonians’ data and to notify any Oregon consumer whose personal information was breached. In 2016 a new law went into effect, allowing the Attorney General to enforce penalties against data holders who fail to use reasonable security measures. The Attorney General also worked to update the law to cover sensitive personal information such as fingerprints, medical information and health insurance information. In the event of a breach, businesses must let effected consumers know. In the event of a breach involving more than 250 Oregonians, the Attorney General is also required to be notified.

Oregonians can search the names of companies or organizations that have reported data breaches ».

You can read the Oregon Consumer Identity Theft Protection Act here: Oregon Revised Statutes 646A.600-646A.628 »

Oregon DOJ Privacy Cases

The Oregon DOJ’s Financial Fraud/Consumer Protection Section handles privacy cases on a wide range of subjects, from data collected from wifi networks to smart TVs. The DOJ also conducts numerous data breach investigations against companies that have put Oregonians’ personal data at risk. If you feel a business is violating your privacy, please file a complaint with us ».

Outreach to Consumers

The Oregon DOJ invests in education and outreach to help Oregonians protect their data and avoid scams and fraud. The Attorney General’s Consumer Protection Outreach Coordinator handles consumer education initiatives related to consumer privacy.

National Privacy Working Group

Oregon is a member of the National Association of Attorneys General (NAAG) Privacy Working Group ». This group tackles large data breaches and nationwide privacy issues. States will often join forces to hold businesses accountable, such as with large retailer data breaches.

Federal Trade Commission Resources

The Federal Trade Commission (FTC) » has been the chief federal agency on privacy policy and enforcement since the1970s, when it began enforcing one of the first federal privacy laws – the Fair Credit Reporting Act ». The agency uses law enforcement, policy, and consumer and business education to protect consumers’ personal information as they navigate the ever-changing marketplace. Some helpful resources include:

Related Stories