Skip to main content

Requirements for safeguarding data

Collecting, sharing, and keeping personal data is essential to businesses, organizations, and government agencies. Because cyber attacks have become increasingly common and sophisticated, it’s vital to have a plan to protect your customers and employees by developing a plan.

The Oregon Consumer Identity Theft Protection Act (OCITPA) and related rules give you clear direction and expectations to ensure the safety of sensitive data.

In Oregon personal information includes a consumer’s first name, or first initial and last name, in combination with the consumer’s:

  • Social Security number
  • Driver license number or state ID card number issued by the Department of Transportation
  • Passport number other U.S.-issued identification number
  • Financial account, credit, or debit card number, in combination with any required security or access code, or password that would allow access to the financial account
  • Physical characteristics data used to authenticate identification during a financial transaction such as a fingerprint, retina or iris image
  • Health insurance policy number or health insurance subscriber identification number in combination with any other unique identifier used by health insurers
  • Medical history, mental or physical condition, or medical diagnosis or treatment by a health care professional

See detailed steps to protecting data

Your browser is out-of-date! It has known security flaws and may not display all features of this and other websites. Learn how