Safeguarding Consumer Privacy
Consumer privacy is a key issue for the Oregon Department of Justice (DOJ) and Attorney General Ellen F. Rosenblum. Rapid changes in technology and information sharing have raised new privacy challenges. The sheer amount of information produced, collected and stored about Oregonians is expanding rapidly, and the data collected is more sensitive than ever. Health trackers, online banking, home security systems and even our cars are presenting new privacy and security challenges.
AG Rosenblum is committed to making the online marketplace safer and more straightforward for Oregonians. In 2017, AG Rosenblum supported the Oregon legislature’s passage of a bill designed to hold companies accountable for their online privacy policies. Under the law, Oregon’s Unlawful Trade Practices Act — passed in the 1970s — now applies to the privacy terms consumers agree to prior to downloading an app or other online tools.
Educators and students across Oregon are using new online services to enhance classroom learning. Many of these services track, collect and store sensitive student information according to their own privacy policies, which may be inadequate.
In 2015 AG Rosenblum helped pass a law that prohibits online educational sites, services, and applications from compiling, sharing or disclosing student information for any purpose other than educational purposes. The Oregon Student Information Protection Act balances protecting our students while giving companies room to develop and thrive in the digital education market. You can read the Oregon Student Information Protection Act here: Oregon Revised Statutes 336.184 »
Oregon businesses and governments have an existing duty to provide reasonable security for Oregonians’ data and to notify any Oregon consumer whose personal information was breached. In 2016 a new law went into effect, allowing the Attorney General to enforce penalties against data holders who fail to use reasonable security measures. The Attorney General also worked to update the law to cover sensitive personal information such as fingerprints, medical information and health insurance information. In the event of a breach, businesses must let effected consumers know. In the event of a breach involving more than 250 Oregonians, the Attorney General is also required to be notified.
Oregonians can search the names of companies or organizations that have reported data breaches ».
You can read the Oregon Consumer Identity Theft Protection Act here: Oregon Revised Statutes 646A.600-646A.628 »
Oregon DOJ Privacy Cases
The Oregon DOJ’s Financial Fraud/Consumer Protection Section handles privacy cases on a wide range of subjects, from data collected from wifi networks to smart TVs. The DOJ also conducts numerous data breach investigations against companies that have put Oregonians’ personal data at risk. If you feel a business is violating your privacy, please file a complaint with us ».
Outreach to Consumers
The Oregon DOJ invests in education and outreach to help Oregonians protect their data and avoid scams and fraud. The Attorney General’s Consumer Protection Outreach Coordinator handles consumer education initiatives related to consumer privacy.
National Privacy Working Group
Oregon is a member of the National Association of Attorneys General (NAAG) Privacy Working Group ». This group tackles large data breaches and nationwide privacy issues. States will often join forces to hold businesses accountable, such as with large retailer data breaches.
Federal Trade Commission Resources
- FTC’s Privacy Report: Balancing Privacy and Innovation »
- The Do Not Track Option: Giving Consumers a Choice »
- Making Sure Companies Keep Their Privacy Promises to Consumers »
- Protecting Consumers’ Financial Privacy »
- The Children’s Online Privacy Protection Act (COPPA): What Parents Should Know »
- Stronger Privacy Protections Pass out of Oregon Legislature »
- Oregon’s New Data Breach Law Now in Effect – New Oregon DOJ Website Provides Search of Reported Breaches »
- AG Rosenblum Announces Agreement to Protect Consumer Privacy in RadioShack Case »
- Google Agrees it Won’t Circumvent Consumer Privacy Settings »
- Facebook Safety and Privacy Education (Video) »