How Oregon Senate Bill 583 effects your business

The Oregon Consumer Identity Theft Protection Act – Effective January 1, 2008

CLICK HERE (pdf) SENATE BILL 583

Your business must implement an information security program that includes the following:
-Establish administrative safeguards.

-Designate one or more employees to coordinate the security program.

-Identify reasonably foreseeable internal and external risks.

-Assess the sufficiency of safeguards in place to control the identified risks.

-Select service providers capable of maintaining appropriate safeguards, and require those safeguards by contract.

-Adjust the security program in light of business changes or new circumstances.

Technical safeguards such as the following:

-Assess risks in network and software design.

-Assess risks in information processing, transmission and storage.

-Detect, prevent and respond to attacks or system failures.

-Regularly tests and monitors the effectiveness of key controls, systems and procedures.

Physical safeguards such as the following:

-Assess risks of information storage and disposal.

-Detects, prevents and responds to intrusions.

-Protect against unauthorized access to or use of personal information during or after the collection, transportation and destruction or disposal of the information.

-Dispose of personal information after it is no longer needed for business purposes or as required by local, state or federal law by burning, pulverizing, shredding or modifying a physical record and by destroying or erasing electronic media so that the information