Skip to main content

Oregon State Flag An official website of the State of Oregon »

Oregon.gov Homepage

Consumer privacy resources

What is a data broker?

A data broker is defined as a business entity that collects and sells or licenses brokered personal data to another person.

All data brokers must be registered with the Oregon Secretary of State and apply through eGov to operate in the state of Oregon. Data brokers must offer you the option to opt out from the collection and sale or licensing of some, all, or any of your personal data, from the following computerized data elements, organized for sale or licensing to others:

  • Your name or the name of a member of your immediate family or household
  • Your address or address of a member of your immediate family or household
  • Your date or place of birth
  • The maiden name of your mother
  • Biometric information about you
  • Your Social Security number or other government-issued identification number
  • Any other information that alone, or in combination with other information sold or licensed, can be reasonably associated with you

Know your rights under Oregon law:

As an Oregon resident, you have the right to know how to decline your data from being brokered, which data brokering activities you can opt out of, and the methods you can use to exercise your right to opt out.

  • Be informed: Broker dealers are obligated to inform you about how to decline all or part of the data broker's collection, sale, or licensing of your personal information.
  • Be aware: Broker dealers are required to identify the specific data activities you can opt out of, as well as the segments of your personal data that you may choose not to disclose or allow the data broker to collect, sell, or license.
  • Be equipped: Broker dealers must provide a clear explanation of how you can opt out of the collection, sale, or licensing of your brokered personal data, and they must detail the process for someone else to be authorized to make this decision on your behalf, including the necessary steps involved.

How can I check if a data broker is registered and opt out?

You can search by the name of the data broker or its license number and find its opt-out information by selecting the company's name. You can also view the entire list by selecting “DFR-Data Broker" from the “Profession" drop-down and “Data Broker" from “License Type". Go to the DCBS contractor/business license search page to begin your data broker search.

Image of form for searching for individual or person license, highlighting specific form fields to use.

Once I find the opt-out contact information, what is next?

Copy the weblink and paste it into a search engine such as Google. Typically, you will find an online form with steps on how to fill it out. The data broker may provide you with a response acknowledging it has received your request.

Is there a law that requires businesses to use reasonable safeguards to secure my personal data?

If an organization holds personal data, it is essential to secure it. Common components of “reasonable safeguards" include:

  • Risk assessment – evaluating potential data security issues
  • Access controls – implementing complex password requirements, multifactor authentication, and restricting access on a need-to-know basis
  • Data encryption – encrypting particularly sensitive information
  • Employee training – ensuring that staff understand and follow these protocols
  • Data minimization – collecting only the data that is necessary
  • Regular security monitoring – ongoing checks to maintain data safety

While some larger organizations may implement these security measures internally, others opt to hire specialized contractors or companies. It is important to note that the Oregon Consumer Information Protection Act (ORS 646A.600), also known as the Data Breach Law, imposes data security obligations on all entities that possess personal information of Oregon residents. By adopting reasonable data security safeguards, organizations can prevent or mitigate data breaches.

For further details on reasonable data security practices and Oregon's Data Breach Law, refer to the business guide from the Department of Consumer and Business Services (DCBS): Protecting Personal Information: A Business Guide.

For more information on the rules and statutes protecting your rights under a data broker, visit: Oregon Secretary of State Administrative Rules.

Consumer complaints about data privacy can be filed with the Oregon Department of Justice.

Resources

Data broker registry FAQ

What even is data privacy? And why should we care about it – Oregon Consumer Justice

Smartphone privacy protection – Consumer Reports

How to protect yourself from privacy scammers – Oregon Department of Justice

Protect your privacy from the apps on your phone – Consumer Reports