The Oregon Department of Justice (DOJ) released a new toolkit sharing with Oregonians how to protect their online information to celebrate Data Privacy Day. The toolkit includes information on how consumers can exercise their rights under the Oregon Consumer Privacy Act (OCPA) and encourages them to take control of their personal information.

The OCPA went into effect in July 2024 and allows consumers to educate themselves about the types of data being collected and how that data is used. It also grants consumers the right to request that a business delete their data, opt out of the sale of their data, and be informed of third parties who receive their data. Instructions on where to find that information can be found here.

Consumers under the age of 13 are granted additional rights through the OCPA. Through a recent survey, the Oregon DOJ learned that the top concern related to consumer privacy is the privacy of children’s data. While the federal Children’s Online Privacy Protection Act deals with protecting children’s data online and requires parental consent before the collection of personal information from children under the age of 13, the OCPA allows consumers to request deletion of data about a child or themselves to reduce the risk of exploitation by advertisers or data brokers. The toolkit includes tips for parents on monitoring, managing, and restricting the collection of a child’s information.

The Oregon DOJ established an online compliance  system to report businesses not responsive to consumer requests under the OCPA. Since July 2024, the Oregon DOJ has received 118 consumer privacy complaints. Businesses are given 30 days to comply with the OCPA; possibly facing face up to $7,500 per violation.

This new toolkit is intended to serve as a guide for businesses to review their privacy notices and confirm that their disclosures about the collection, use, and disclosure of consumer data are clear and transparent. While the toolkit targets for-profit businesses, OCPA will expand it to include non-profit organizations later this year; look for further guidance from the Oregon DOJ starting this summer.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Read more about Kathryn Rattigan
Show more Show less