Friday, March 9, 2007

Data Theft Bill Introduced in Oregon Senate

Today's news includes reports that a data theft disclosure bill has been introduced in the Oregon Senate. SB 583, the Oregon Consumer Identity Theft Protection Act, might give a little more protection to consumers whose identity information is stolen or lost.

The bill allows consumers to obtain credit freezes, and it generally requires businesses who handle sensitive identity information, like drivers' licenses and social security numbers, to handle it more carefully.

The bill also requires businesses to alert consumers when there are big data breaches. The most memorable data loss in Oregon, the Providence Hospital's data loss of 365,000 patients' confidential information, would qualify. But there are a few big holes. The bill lets the business decide if it really needs to notify consumers. It doesn't have to do so if it thinks that it's reasonable not to notify consumers. Before passing it in its current form, let' s hope that lawmakers talk to some of the Providence patients to get a sense of whether it's a good idea to trust the businesses to decide what is reasonable.

Still, the credit freeze procedure is a help. And the bill gives authority to the state to enforce the law. In those ways it's an improvement of sorts.

Paul & Sugerman continues to represent the Providence patients in the data loss case against Providence. In that case, we're seeking repair measures and compensation for the 365,000 patients affected by the data loss. We're still waiting for the trial judge to rule on Providence's motion to dismiss.

David F. Sugerman
Paul & Sugerman, PC

No comments: