Search sponsored by Coast Marketplace
Home Capital Bureau

New data breach protections closer to law in Oregon

The state House passed the ‘Equifax bill’ Thursday to prohibit companies from charging for a security freeze after a data breach and other protections

By PARIS ACHEN

Capital Bureau

Published on March 1, 2018 8:06PM

Last changed on March 1, 2018 8:30PM

The state House passed the ‘Equifax bill’ Thursday to prohibit companies from charging for a security freeze after a data breach and other protections.

EO Media Group

The state House passed the ‘Equifax bill’ Thursday to prohibit companies from charging for a security freeze after a data breach and other protections.

Buy this photo

SALEM — The state House on Thursday passed a bill to enhance protections for consumers when hackers steal their information from credit reporting bureaus and other companies.

The 58-1 vote follows unanimous passage of the bill in the Senate in February. The bill now needs Gov. Kate Brown’s signature to become law.

The legislation requires companies to notify consumers within 45 days after discovering a data breach of their personal information and prohibits companies from charging consumers for a security freeze. A security freeze is one of the best ways to secure a breached account and stop identity theft, according to the Oregon Department of Justice.

“Let’s hope that this bill will help these sorts of issues from devastating consumers in the future, especially in Oregon, as we know this is a very difficult thing for consumers to deal with that can be time-consuming and sometimes expensive,” said state Rep. Paul Holvey, D-Eugene, who presented the bill on the House floor.

Under Senate Bill 1551, consumers would be entitled to place a credit freeze with each credit reporting agency without charge at any time for any reason. Companies also would be prohibited from charging for removal of a freeze, or a temporary lifting of a freeze.

Dubbed the “Equifax bill,” the legislation responds to a mass cyber theft at the Atlanta-based credit reporting agency last September. The data breach compromised private information, such as Social Security and driver’s license numbers, of 145 million consumers in the United States, Canada and the United Kingdom. About 1.7 million Social Security numbers were jeopardized in Oregon alone, according to the state.

Equifax discovered in July that cyber thieves had accessed consumers’ names, addresses, birthdates, Social Security numbers and driver’s license information, but the breach wasn’t reported to consumers until September, according to media reports.

A February letter to U.S. Sen. Elizabeth Warren, D-Massachusetts, showed that additional consumer information was exposed, including tax identification numbers, email addresses and additional driver’s license information.

The House vote in Oregon came on the same day Equifax disclosed that an additional 2.4 million consumers were exposed in the data breach.

“The Equifax data breach was a shocking reminder of how vulnerable we all are to having our sensitive information compromised and falling victim to identity theft,” said Maureen Mahoney, policy analyst for Consumers Union, a division of Consumer Reports. “Identity thieves can ruin a consumer’s credit record by opening fraudulent accounts in their names and running up big bills that go unpaid. By making the security freeze free, Oregon is providing consumers with a powerful safeguard that prevents crooks from doing serious financial damage that can take years to repair.”

The bill would require companies to reveal a breach within 45 days unless law enforcement determines doing so would impede a criminal investigation. Holvey and Sen. Floyd Prozanski, another Democrat from Eugene, co-sponsored the legislation.

Companies would have to report all data breaches to the state Department of Justice.

The Capital Bureau is a collaboration between EO Media Group and Pamplin Media Group.



Marketplace

Share and Discuss

Guidelines

User Comments