The Oregon Consumer Identify Theft Protection Act, passed during the 2007 Legislature, creates strong standards for businesses to ensure the safety of sensitive data that can be used by identity thieves. The law contains several new requirements:
Protecting Social Security Numbers
Effective Oct 1, 2007. The law prohibits anyone who keeps Social Security numbers from printing them on any material that is mailed when the recipient has not requested it. The law also prohibits printing a Social Security number on a card used to access products or services, or publicly posting or displaying a Social Security number, such as on a Web site.
Notification of Security Breach
Effective Oct 1, 2007. Anyone who keeps personal identifying information about Oregonians must notify them if computer files containing that personal information have been subject to a security breach. The notification must be done as soon as possible–unless it would impede a criminal investigation–in writing, electronically, or by telephone.
Effective Jan 1, 2008. Businesses must develop, implement, and maintain reasonable safeguards to ensure the security, confidentiality, and integrity of the personal identity information they keep. Under this law, a proper security plan includes:
Administrative safeguards such as identifying what personal information the business keeps and how to keep it safe, training employees in security program practices and procedures, and ensuring that contracted service providers are capable of supplying and maintaining systems that protect sensitive information.
Technical safeguards such as assessing risks in network and software design, and detecting, preventing and responding to attacks or system failures;
Physical safeguards such as protecting against unauthorized access to or use of personal identifying information, and disposing of information that is no longer needed by way of shredding, burning or erasing electronic data that is unreadable or cannot be reconstructed.
The law also allows Oregon consumers to place a security freeze on their credit file to help prevent identity theft. For guidance on how to implement these new requirements call 503-378-4140 or toll free 866-814-9710.