Business services

Collecting, sharing, and keeping personal data is essential to businesses, organizations, and government agencies. Because cyber attacks have become increasingly common and sophisticated, it’s vital to have a plan to protect your customers and employees by developing a plan.

The Oregon Consumer Identity Theft Protection Act (OCITPA) and related rules give you clear direction and expectations to ensure the safety of sensitive data.

In Oregon personal information includes a consumer’s first name, or first initial and last name, in combination with the consumer’s:

  • Social Security number
  • Driver license number or state ID card number issued by the Department of Transportation
  • Passport number other U.S.-issued identification number
  • Financial account, credit, or debit card number, in combination with any required security or access code, or password that would allow access to the financial account
  • Physical characteristics data used to authenticate identification during a financial transaction such as a fingerprint, retina or iris image
  • Health insurance policy number or health insurance subscriber identification number in combination with any other unique identifier used by heath insurers
  • Medical history, mental or physical condition, or medical diagnosis or treatment by a health care professional

See detailed steps to protecting data​