Oregon recently joined Vermont and California as the third state requiring data broker registration before collecting, selling, or licensing “brokered personal data.” Several types of entities are exempt from the law. These include those collecting information from their customers, subscribers or users or those in a “similar” relationship or an entity acting as those companies’ agents. Also exempt are consumer reporting agencies, financial institutions, and affiliates or nonaffiliated third parties of financial institutions subject to GLBA. The new law takes effect on January 1, 2024.
Continue Reading In 2024 Oregon Will Join Short List of States Requiring Data Broker Registration