Oregon has become one of the latest states to adopt a comprehensive data privacy law. The Oregon Consumer Privacy Act (“OCPA” or the “Act”) takes effect July 1, 2024, and mirrors its other U.S. privacy law counterparts, with a few unique distinctions. Here is what you need to know.
Scope. The OCPA applies to (i) any person or entity who conducts business in Oregon or provides products or services to residents in Oregon and (ii) during a calendar year, controls or processes:
- The personal data of 100,000 or more consumers (other than personal data controlled or processed solely for the completion of a payment transaction) or
- The personal data of 25,000 or more consumers while deriving 25 percent or more of annual revenue from selling personal data.