Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I store personal information about my customers in Oregon? What are the requirements?

Based on the context documents provided, here is the information you need:

Personal Information Protection in Oregon

Oregon has several regulations in place to protect personal information of individuals and businesses. The following documents provide relevant information:

  • Policy for protected health information [2.1]
  • Customer Record for Business Entities [1.1]
  • Customer Record for Persons [1.3]
  • Requests for Personal Information by a Legitimate Business [1.2]
  • Disclosure of financial records prohibited; exceptions [2.2]
  • Client Privacy Rights [5.1]

Protected Health Information

Protected health information (PHI) is subject to strict regulations under Oregon law. PHI includes any information that can be used to identify an individual and relates to their physical or mental health. PHI must be safeguarded from unlawful use or disclosure, and individuals have the right to access and review their PHI [2.1].

Customer Records

The Oregon Department of Motor Vehicles (DMV) maintains customer records for both individuals and business entities. These records include personal information such as name, address, and customer number. DMV may maintain more than one customer record for an individual or business entity under certain circumstances [1.1][1.3].

Requirements for Storing Personal Information

If you are storing personal information about your customers in Oregon, you must comply with relevant regulations to protect their privacy. This includes safeguarding their information from unlawful use or disclosure and providing individuals with the right to access and review their information.

Additionally, if you are a business entity transacting with the DMV using more than one business name, you must establish a separate customer record and assign a customer number for each name [1.1].

Requests for Personal Information by a Legitimate Business

If you are a legitimate business requesting personal information from the DMV, you must provide evidence to the DMV’s satisfaction that you are a legitimate business under ORS 802.179(3) [1.2]. Personal information obtained from DMV by a legitimate business may only be used for the purposes specified in ORS 802.179(3), and only an individual who is an employee or owner of the business may obtain personal information from DMV [1.2].

Disclosure of Financial Records

Financial institutions may not provide financial records of a customer to a state or local agency, and a state or local agency may not request or receive from a financial institution financial records of customers, except as provided in ORS 192.588, 192.589, 192.591, 192.593, 192.596, 192.597, 192.598 and 192.603 or as required by ORS 25.643 and 25.646 and the Uniform Disposition of Unclaimed Property Act, ORS 98.302 to 98.436 and 98.992, and ORS 305.084 [2.2].

Client Privacy Rights

Clients have the right to access, inspect, and obtain a copy of information on their own cases in Authority files or records, consistent with federal and state law [5.1].

Conclusion

To summarize, if you are storing personal information about your customers in Oregon, you must comply with relevant regulations to protect their privacy. This includes safeguarding their information from unlawful use or disclosure and providing individuals with the right to access and review their information. If you are a legitimate business requesting personal information from the DMV, you must provide evidence to the DMV’s satisfaction that you are a legitimate business under ORS 802.179(3), and personal information obtained from DMV by a legitimate business may only be used for the purposes specified in ORS 802.179(3). Financial institutions may not provide financial records of a customer to a state or local agency, and a state or local agency may not request or receive from a financial institution financial records of customers, except as provided in ORS 192.588, 192.589, 192.591, 192.593, 192.596, 192.597, 192.598 and 192.603 or as required by ORS 25.643 and 25.646 and the Uniform Disposition of Unclaimed Property Act, ORS 98.302 to 98.436 and 98.992, and ORS 305.084. Clients have the right to access, inspect, and obtain a copy of information on their own cases in Authority files or records, consistent with federal and state law.

Source(s):
Jurisdiction

Oregon