Collecting, sharing, and keeping personal data is essential to businesses, organizations, and government agencies. Because cyber attacks have become increasingly common and sophisticated, it’s vital to have a plan to protect your customers and employees by developing a plan.
The Oregon Consumer Identity Theft Protection Act (OCITPA) and related rules give you clear direction and expectations to ensure the safety of sensitive data.
In Oregon personal information includes a consumer’s first name, or first initial and last name, in combination with the consumer’s:
- Social Security number
- Driver license number or state ID card number issued by the Department of Transportation
- Passport number other U.S.-issued identification number
- Financial account, credit, or debit card number, in combination with any required security or access code, or password that would allow access to the financial account
- Physical characteristics data used to authenticate identification during a financial transaction such as a fingerprint, retina or iris image
- Health insurance policy number or health insurance subscriber identification number in combination with any other unique identifier used by heath insurers
- Medical history, mental or physical condition, or medical diagnosis or treatment by a health care professional