Can you summarize ORRS 646A.622?
Trade Regulation > Requirement to develop safeguards for personal information; conduct deemed to comply with requirement; defenses.
Short Summary
This legal document requires covered entities and vendors to develop, implement, and maintain reasonable safeguards to protect the security, confidentiality, and integrity of personal information. The safeguards should also cover the disposal of personal information. Compliance with this requirement can be achieved by following state or federal laws that provide greater protection to personal information, complying with regulations under the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act, or implementing an information security program. The information security program should include administrative, technical, and physical safeguards. Covered entities and vendors can contract with record destruction businesses for the disposal of personal information. In case of non-compliance, covered entities and vendors may defend themselves by demonstrating that they have implemented reasonable security measures required for personal information subject to applicable Acts. Small businesses are also required to have appropriate safeguards and disposal measures based on their size, complexity, activities, and the sensitivity of the personal information they collect.
Whom does it apply to?
Covered entities and vendors
What does it govern?
Safeguards to protect the security, confidentiality, and integrity of personal information
What are exemptions?
No exemptions are mentioned.
What are the penalties?
Not specified.
Jurisdiction
Oregon