2015 ORS 646A.602¹
Definitions for ORS 646A.600 to 646A.628

As used in ORS 646A.600 (Short title) to 646A.628 (Allocation of moneys):

(1)(a) Breach of security means an unauthorized acquisition of computerized data that materially compromises the security, confidentiality or integrity of personal information that a person maintains.

(b) Breach of security does not include an inadvertent acquisition of personal information by a person or the persons employee or agent if the personal information is not used in violation of applicable law or in a manner that harms or poses an actual threat to the security, confidentiality or integrity of the personal information.

(2) Consumer means an individual resident of this state.

(3) Consumer report means a consumer report as described in section 603(d) of the federal Fair Credit Reporting Act (15 U.S.C. 1681a(d)), as that Act existed on January 1, 2016, that a consumer reporting agency compiles and maintains.

(4) Consumer reporting agency means a consumer reporting agency as described in section 603(p) of the federal Fair Credit Reporting Act (15 U.S.C. 1681a(p)) as that Act existed on January 1, 2016.

(5) Debt means any obligation or alleged obligation arising out of a consumer transaction.

(6) Encryption means an algorithmic process that renders data unreadable or unusable without the use of a confidential process or key.

(7) Extension of credit means a right to defer paying debt or a right to incur debt and defer paying the debt, that is offered or granted primarily for personal, family or household purposes.

(8) Identity theft has the meaning set forth in ORS 165.800 (Identity theft).

(9) Identity theft declaration means a completed and signed statement that documents alleged identity theft, using the form available from the Federal Trade Commission, or another substantially similar form.

(10) Person means an individual, private or public corporation, partnership, cooperative, association, estate, limited liability company, organization or other entity, whether or not organized to operate at a profit, or a public body as defined in ORS 174.109 (Public body defined).

(11) Personal information means:

(a) A consumers first name or first initial and last name in combination with any one or more of the following data elements, if encryption, redaction or other methods have not rendered the data elements unusable or if the data elements are encrypted and the encryption key has been acquired:

(A) A consumers Social Security number;

(B) A consumers driver license number or state identification card number issued by the Department of Transportation;

(C) A consumers passport number or other identification number issued by the United States;

(D) A consumers financial account number, credit card number or debit card number, in combination with any required security code, access code or password that would permit access to a consumers financial account;

(E) Data from automatic measurements of a consumers physical characteristics, such as an image of a fingerprint, retina or iris, that are used to authenticate the consumers identity in the course of a financial transaction or other transaction;

(F) A consumers health insurance policy number or health insurance subscriber identification number in combination with any other unique identifier that a health insurer uses to identify the consumer; or

(G) Any information about a consumers medical history or mental or physical condition or about a health care professionals medical diagnosis or treatment of the consumer.

(b) Any of the data elements or any combination of the data elements described in paragraph (a) of this subsection without the consumers first name or first initial and last name if:

(i) Encryption, redaction or other methods have not rendered the data element or combination of data elements unusable; and

(ii) The data element or combination of data elements would enable a person to commit identity theft against a consumer.

(c) Personal information does not include information in a federal, state or local government record, other than a Social Security number, that is lawfully made available to the public.

(12) Proper identification means written information or documentation that a consumer or representative can present to another person as evidence of the consumers or representatives identity, examples of which include:

(a) A valid Social Security number or a copy of a valid Social Security card;

(b) A certified or otherwise official copy of a birth certificate that a governmental body issued; and

(c) A copy of a driver license or other government-issued identification.

(13) Protected consumer means an individual who is:

(a) Not older than 16 years old at the time a representative requests a security freeze on the individuals behalf; or

(b) Incapacitated or for whom a court or other authority has appointed a guardian or conservator.

(14) Protective record means information that a consumer reporting agency compiles to identify a protected consumer for whom the consumer reporting agency has not prepared a consumer report.

(15) Redacted means altered or truncated so that no more than the last four digits of a Social Security number, driver license number, state identification card number, passport number or other number issued by the United States, financial account number, credit card number or debit card number is visible or accessible.

(16) Representative means a consumer who provides a consumer reporting agency with sufficient proof of the consumers authority to act on a protected consumers behalf.

(17) Security freeze means a notice placed in a consumer report at a consumers request or a representatives request or in a protective record at a representatives request that, subject to certain exemptions, prohibits a consumer reporting agency from releasing information in the consumer report or the protective record for an extension of credit, unless the consumer temporarily lifts the security freeze on the consumers consumer report or a protected consumer or representative removes the security freeze on or deletes the protective record. [2007 c.759 §2; 2013 c.415 §1; 2015 c.357 §1]

1 Legislative Counsel Committee, CHAPTER 646A—Trade Regulation, https://­www.­oregonlegislature.­gov/­bills_laws/­ors/­ors646A.­html (2015) (last ac­cessed Jul. 16, 2016).
2 OregonLaws.org contains the con­tents of Volume 21 of the ORS, inserted along­side the per­tin­ent statutes. See the preface to the ORS An­no­ta­tions for more information.
3 OregonLaws.org assembles these lists by analyzing references between Sections. Each listed item refers back to the current Section in its own text. The result reveals relationships in the code that may not have otherwise been apparent.