Currently, Oregon is one of only a handful of states that does not give data breach enforcement and notification power to the state Department of Justice. Oregonians should know who is collecting their personal information.
Oregon Attorney General Ellen Rosenblum testified before the joint Senate and House Judiciary Committee in support of legislation to better protect the data of Oregonians. She called on the Oregon legislature to update Oregon’s Data Breach Law, and extend data breach enforcement and notification to the Oregon Department of Justice. Nate Cardozo, staff attorney for the Electronic Frontier Foundation, and recognized and published expert on free speech, privacy litigation, and the protection of privacy in the digital age, also testified.
“As technology changes, so must the legal infrastructure which protects that technology. Oregonians want—and should—know who is collecting their personal information and data, how it is being used and protected, as well as to whom it is being sold. If asked today, most people would have little idea how to answer these questions. We need to protect and educate Oregonians—as they should, but often cannot, understand how their data is being used,” testified Attorney General Rosenblum.
Data breach and the distribution of personal information is a growing risk for Oregonians. Nationally, data breaches in 2013 exposed an estimated 546 million piece of personal information. The Oregon Identity Theft Prevention Act of 2007 requires businesses and governmental agencies to notify consumers of digital data breaches and develop safeguards for personal information but provides no protection for medical, insurance or biometric information. By extending enforcement power to the Oregon Department of Justice, Oregon will be able to use the effective enforcement tools of the already-existing Unlawful Trade Practices Act .
“Ten years ago, stealing your identity was about getting a hold of your bank account, or your social security number. Now, criminals are just as likely to target your medical information, or your insurance data, or your social media presence.” continued Attorney General Rosenblum.