Oregon consumer identity theft protection act

Oregon SB 583 of 2007 requires that a person that owns or licenses personal information that the person uses in the course of the person’s business, vocation, occupation, or volunteer activities and that was subject to a breach of security shall give notice of the breach of security to a) the consumer to whom the personal information pertains; b) the Attorney General, either in writing or electronically, if the number of consumers to whom the person must send the notice exceeds 250. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. Additional rules detect passwords and account numbers.The rules for this policy are:

• Oregon Consumer Identity Theft Protection Act: Name and SSN
• Oregon Consumer Identity Theft Protection Act: Name and DL
• Oregon Consumer Identity Theft Protection Act: Name and CCN
• Oregon Consumer Identity Theft Protection Act: Name and Password (Wide)
• Oregon Consumer Identity Theft Protection Act: Name and Password (Default)
• Oregon Consumer Identity Theft Protection Act: Name and Password (Narrow)
• Oregon Consumer Identity Theft Protection Act: Password Dissemination for HTTP Traffic (Wide)
• Oregon Consumer Identity Theft Protection Act: Password Dissemination for HTTP Traffic (Default)
• Oregon Consumer Identity Theft Protection Act: Password Dissemination for HTTP Traffic (Narrow)
• Oregon Consumer Identity Theft Protection Act: Account and Password