- (1) A data broker shall disclose to the director of any breach of security as required in ORS 646A.604 within 45 days of any such breach.
(2) A registered data broker shall notify the director within 45 days following:
- (a) Any changes in the information required on the data broker under OAR 441-840-0020 or OAR 441-840-0040;
- (b) Any other material changes to information submitted in registration application under OAR 441-840-0020 or OAR 441-840-0040.
- (c) Any change in assumed business name registered with Secretary of State.
- (3) A data broker’s registration may be terminated or suspended for any violation of OAR 441-840-0070(2).
Statutory/Other Authority
ORS 646A.593(8) & 646A.626
Statutes/Other Implemented
ORS 646A.593(2) - 646A.593(4) & 646A.604(3)
History
FSR 3-2024, adopt filed 05/21/2024, effective 05/28/2024
FSR 3-2023, temporary adopt filed 11/29/2023, effective 12/01/2023 through 05/28/2024