Or. Rev. Stat. § 276A.306
(1) As used in this section:
(b) “Information security assessment” means:
(B) An independent examination and review of records, logs, policies, activities and practices to:
(c) “Information security incident” means an incident that creates a risk of harm to a state agency or the state agency’s operations and in which:
(d)
(e) “State agency” means an officer, board, commission, department, agency or institute of state government, as defined in ORS 174.111, except:
(4)
(5)
(b)
(B) The Legislative Fiscal Officer or an employee of the Legislative Fiscal Office may disclose the nature or contents of the notifications or information described in subparagraph (A) of this paragraph if the officer or employee obtains the written consent of:
[2016 c.110 §1]