Legal requirements for managing consumer data and handling data breaches are changing, so now is a good time to check your cyber insurance to make sure that it is keeping up.
New Oregon Law + Proposed Washington Law + California CCPA = Increasing Business Risk. Oregon’s amended data breach notification law, effective January 1, 2020, creates breach notification requirements applicable to third-party vendors—the first state law to do so. The Oregon Consumer Information Protection Act (CIPA) now requires that vendors notify the Oregon Attorney General of a substantial breach of security not later than 45 days after discovering the breach. The Bill also requires vendors to notify the “covered entity” (the owner of the data) not later than 10 days after discovering that a breach has occurred (the owner then has 45 days to report the breach to the Attorney General). Key other amendments to the law include the following: Continue Reading