Oregon Consumer Protection Act

Collin Gabriel August 23, 2022

Key Terms:

Cyber insurance – An insurance policy that helps protect a business from liability and losses due to a data breach, hacking threat, or other computer or network-based incident.


Craig Vattiat (00:00):

So moving on to the second part of the presentation, uh, we’re gonna talk about the responsibilities that you have as a business owner to protect your customers’ personal information. Uh, you have a responsibility under Oregon law to protect that information. And it’s also just good business practice, right? Your, your reputation as a business owner is tied to your customers. And so keeping them safe is really just good business practice. Cyberattacks, data breaches, you know, ransomware attacks have become increasingly common and those can have really significant financial impacts on your business. So protecting that data, those records, uh, again, is going to protect your business. And it’s also going to comply with the law. You can purchase cyber insurance to protect you and provide coverage there. Um, but it’s really important to still understand your responsibilities and how to reduce that risk of that data breach. Uh, there’s a QR code there to a publication on protecting your business from data breach and, uh, some of the responsibilities that you have.

Craig Vattiat (01:13):

So the Oregon Consumer Information Protection Act has two major requirements for businesses. Um, the first is that businesses develop, implement and maintain reasonable safeguards to protect that consumer personal information. And the second responsibility is to notify any individuals in case of a breach. So those are the two primary responsibilities that business owners have. To take a look at, you know, what is personal identifying information according to this law? Well, it’s a consumer’s name in combination with any of the following. So that could be, you know, government issued identification numbers, like your social, social security number or driver’s license number. It could also be any financial account numbers in combination with the access information needed, you know, so username and password, or let’s say an account, uh, a credit card and the, the expiration date and the security code. So kind of going back to Joni’s question earlier about, let’s say, you know, somebody at a market where that information is compromised.

Craig Vattiat (02:24):

That could be a situation where, um, you have a security breach, a data breach. Um, health insurance information, uh, so your medical records, any biometric data, um, is also part of that personal identifying information. Uh, security breach itself, according to Oregon’s law, is the unauthorized acquisition of computerized data that compromises the security, confidentiality or integrity of personal information. So, you know, that we’ll take a look at that, but that could be, again, somebody kind of dumpster diving and, and acquiring that. Or it could be, um, an example of a more sophisticated breach involving, you know, your, your computer system.