Third-party vendors hit by hackers have a finite time to notify the company that hired them and, in some cases, must notify the Oregon attorney general, under changes to the state’s data breach notification law.
The measure (SB 684) takes effect Jan. 1, 2020. Oregon has gone further than other states with notification requirements for entities that maintain personal data on behalf of another entity, according to Bloomberg law analyst Mark Smith.
Vendors must notify the state AG if the breach involved the personal information of more than 250 Oregon residents, or an unknown number of people. The vendor ...
