General Liability Insurance
Professional Liability Insurance
Errors and Omissions Insurance
Cyber Liability / Data Breach Insurance
Workers' Compensation Insurance
Business Owner’s Policy
Data Breach Insurance
Certificate of Liability Insurance
Additional Insurance Offerings
4.9 out of 5 Customer Rating
Get in-depth information on essential insurance coverages.
Certificate of Liability insurance
In the state of Oregon, any business or person that experiences a data breach must notify affected Oregon residents as soon as possible. Notification can be sent by mail, telephone, or email unless more than 350,000 people have been affected,
or the cost of notification exceeds $250,000. In these instances, public service announcements are acceptable. When a breach impacts 1,000 or more people, all consumer-reporting agencies must be informed.
Name of Law / Statute
Oregon Consumer Identity Theft Protection Act
Definition of Protected Information
Combination of (1) name or other identifying info, PLUS (2) one or more of these "data" elements: SSN; driver's license number; or account number, credit card number, debit card number if accompanied by PIN, password, or
access codes + passports + any combination of data elements that allows identity theft
Who Is Subject to Law?
Any business that owns, licenses, or otherwise possesses resident PI
Notification of Consumers?
Yes, unless determination of no harm by business
By what means?
Written, phone, or electronic; if >1,000 residents, must notify consumer reporting agencies; specific info must be included in notice
Substitute Notice Threshold?
If cost of notice >$250,000 or involves >350k residents
Notification of authorities / regulators required?
$1,000/violation/day, up to $500k
Credit monitoring requirement?
Private lawsuits allowed?
Yes (but only if not too expensive or burdensome)
Private damages cap?
Regulatory actions allowed?
Yes (if private action burdensome)
HIPAA Compliance exemption?
Other (e.g., timeframe)
Law does not apply if PI was encrypted (unless encryption was compromised) or redacted
Link to complete law
Read the full text of Oregon’s data breach law.