Cameron Miranda
Texas and Oregon have recently passed new laws that share similarities with the existing data privacy laws in California, Colorado, Connecticut, Utah, and Virginia. These laws, which come into effect on July 1, 2024, aim to protect consumers and impose requirements on companies collecting and using consumer personal data. While the laws in both states share some commonalities, there are also key differences. For instance, Texas's law has a small business exclusion, while Oregon's law requires businesses to implement administrative, technical, and physical safeguards for personal information. Both states now have rules and registration requirements for data brokers, joining California and Vermont as the only states with such legislation.
| Characteristics | Values |
|---|---|
| Data privacy laws | Both states have passed comprehensive data privacy laws that will take effect in 2024. |
| Consumer privacy laws | Both states have passed consumer privacy laws that grant protections for consumers and impose requirements on companies collecting consumer data. |
| Data broker laws | Both states have passed data broker registration laws that create rules and registration requirements for data brokers. |
| Definition of "data broker" | Texas defines a data broker as "a business entity whose principal source of revenue is derived from the collecting, processing, or transferring of personal data." Oregon's law focuses on entities that "collect and sell" personal data. |
| Exclusions | Texas excludes service providers, government entities, nonprofits, consumer reporting agencies, and financial institutions. Oregon excludes government entities, consumer reporting agencies, financial institutions, and business entities that collect data directly from customers, donors, or investors. |
| Enforcement | In Texas, the Attorney General may impose a civil penalty of $100 per day for violations, up to $10,000 per year. In Oregon, the Attorney General has exclusive authority to enforce the law and must provide 30 days' written notice before initiating an enforcement action. |
| Effective date | The Texas Act went into effect on September 1, 2023. The Oregon Act becomes effective on January 1, 2024. |
| Opt-out rights | The Oregon Act requires a declaration regarding opt-out rights for consumers. The Texas Act does not require a declaration but includes provisions for consumer rights to delete or opt out. |
| Consumer rights | Consumers in both states have the right to know if their data is being processed, to correct inaccuracies, to delete their data, to receive access to their data, and to opt out of data collection. |
Explore related products
What You'll Learn
Consumer privacy laws
Texas and Oregon have recently passed new consumer privacy laws that will come into effect on July 1, 2024. These laws are designed to protect consumers and impose requirements on companies collecting and using consumer personal data. While the laws in both states share some similarities, there are also key differences that businesses should be aware of to ensure compliance.
The Texas Data Privacy and Security Act (TDPSA) applies to any person or business that conducts business in Texas or produces a product or service consumed by Texas residents. It also applies to those who process or sell personal data and are not considered small businesses. Small businesses in Texas are exempt unless they sell sensitive data, in which case they must obtain prior consumer consent. The TDPSA casts a wide net as it can apply to companies outside the state that don't specifically target Texas consumers.
The Oregon Consumer Privacy Act (OCPA), on the other hand, applies to any person or business that conducts business in Oregon or provides products or services to Oregon residents. The law specifies that the business's privacy notice must include the business's name as registered with the Oregon Secretary of State and any assumed business names used in Oregon. Additionally, the OCPA requires controllers to disclose how third parties may process personal data shared with them, going beyond simply disclosing the categories of shared data and third parties.
Both the TDPSA and the OCPA provide consumers with rights related to their personal data, including the right to correct inaccuracies, delete their personal data, receive access to their data, and opt out of their data being used for targeted advertising or profiling. However, a key difference is that the OCPA contains heightened protections for "sensitive data," requiring affirmative "opt-in" consent from consumers.
In terms of enforcement, both the TDPSA and the OCPA do not provide a private right of action. Instead, the Texas Attorney General and the Oregon Attorney General, respectively, have the exclusive authority to enforce the laws. Businesses that violate the privacy laws may be subject to penalties and injunctions.
While the consumer privacy laws in Texas and Oregon share some similarities, businesses operating in these states should carefully review the specific requirements and nuances of each law to ensure compliance and protect consumer privacy.
Law Firms and LLC Interest: Trust Options for Clients
You may want to see also
Explore related products
Data broker registration
Texas and Oregon have recently joined Vermont and California in adopting new rules for data broker laws. Data brokers are entities that collect, process, transfer, or sell personal data that they did not collect directly from consumers.
Texas Data Broker Law
The Texas Data Broker Act requires data brokers to register annually with the Texas Secretary of State (SOS) and pay a $300 fee. The registration statement must include a description of the categories of data the data broker processes and transfers. If the data broker has knowledge that they possess the personal information of a child (age 12 or under), they must include a statement describing how they comply with federal and state law regarding the collection, use, or disclosure of such data. The SOS will maintain a searchable central registry of registered data brokers on its website.
The Texas Attorney General may impose a civil penalty of $100 per day for violations of the law, in addition to any unpaid registration fees, up to a maximum of $10,000 in a 12-month period.
Oregon Data Broker Law
Oregon's data broker registration law, HB 2052, defines a "data broker" as a business entity or part of a business entity that collects and sells or licenses "brokered personal data" about Oregon residents. The law requires data brokers to register annually with the Oregon Department of Consumer and Business Services and pay a fee. The registration submission must include a declaration describing whether and how Oregon residents may opt out of the collection, sale, or licensing of their personal data.
The Department of Consumer and Business Services may impose a civil penalty of $500 per day for violations of the law, with a maximum of $10,000 in a calendar year.
Commonalities
Both Texas and Oregon's data broker laws require registration and include mandates on security protocols, public disclosures, and consumer rights to opt out. The laws also have similar definitions of "data broker", though there are some differences in the specific requirements for registration and enforcement.
Exploring Canon Law: Lay Person's Study Guide
You may want to see also
Explore related products
![Pacific coast collection laws a summary of the laws of California, Nevada, Oregon, Washington, Idaho, Montana, Utah, Wyoming, Arizona, British Columbia, Colorado, New Mexico and Texas, [Leather Bound]](https://m.media-amazon.com/images/I/81nNKsF6dYL._AC_UY218_.jpg)
Consumer rights to delete or opt out
In June 2023, Oregon passed the Oregon Consumer Privacy Act (OCPA), which will come into effect on July 1, 2024. The Act gives Oregon residents some control over how businesses collect and use their personal data. Oregon residents can exercise their rights to access, correct, or delete their personal data by submitting requests directly to individual companies. They can also request a list of third parties that a company has sold their data to. Starting on January 1, 2026, Oregon residents will be able to opt out of data sales more easily by downloading a tool called a universal opt-out mechanism.
The Texas Data Privacy and Security Act grants Texas residents several key rights over their personal data. This includes the right to know whether a company is processing their personal data, to obtain that data in a readable format, to correct inaccuracies, to delete personal data, and to opt out of the processing of personal data for targeted advertising, the sale of personal data, or profiling. Texas residents can exercise these rights through an online portal, U.S. Mail, or over the phone.
Both the Oregon and Texas laws include mandates on consumer rights to delete or opt out. However, the specific provisions and procedures for exercising these rights differ between the two states. While Oregon residents will be able to opt out of data sales through a universal opt-out mechanism, Texas residents can opt out of targeted advertising, data sales, and profiling. Texas residents also have the right to request the correction or deletion of their personal data, which is also a right granted to Oregon residents.
Understanding the Combined Gas Law and Pressure in mmHg
You may want to see also
Explore related products
Small business exclusions
Texas and Oregon, despite their differences in size, population, and political leanings, do share some common ground when it comes to certain laws and regulations, particularly in the realm of small businesses. While the specific laws and their applications may vary between the two states, there are some notable similarities in how they approach and support small businesses.
One area of commonality is in the form of small business exclusions or exemptions, which are designed to provide relief and simplify compliance for smaller enterprises. Both Texas and Oregon recognize the unique challenges faced by small businesses and have implemented measures to ease their operational burden. These exclusions often relate to specific licenses, permits, and regulatory requirements, offering a more streamlined approach for businesses below certain thresholds.
For instance, both states offer sales tax exemptions for small businesses. In Texas, small businesses that make less than $500,000 in sales annually are generally exempt from collecting and remitting sales tax. Similarly, Oregon, which does not have a general state-level sales tax, offers a variety of exclusions and exemptions for small businesses in relation to other taxes and fees. This includes property tax exclusions for small businesses, as well as reduced filing fees for certain business registration and reporting requirements.
Additionally, Texas and Oregon share similarities in their approach to certain regulatory requirements. For example, both states have comparable laws regarding occupational licensing exclusions for specific low-risk occupations. These exclusions are designed to reduce barriers to entry for small businesses and sole proprietors in industries such as pet grooming, hair braiding, and certain trades like painting or flooring installation. By reducing or eliminating the need for licenses in these areas, it becomes easier for small businesses to operate and compete.
Another area of alignment is in their support for small-scale agriculture and local food producers. Both Texas and Oregon offer cottage food laws, which allow individuals to produce and sell certain low-risk food items made in their own homes without the need for a commercial kitchen or extensive licensing. These laws enable small businesses, such as home bakers or jam makers, to thrive and contribute to local economies.
While there are certainly many differences in the specific laws and regulations between Texas and Oregon, the shared focus on supporting small businesses through exclusions and exemptions highlights a common understanding of the unique challenges faced by this sector. These similarities provide a framework for small businesses to operate and grow, contributing to the diverse economic landscapes of both states.
The Impact of Technology on Lawmaking
You may want to see also
Explore related products
Data protection assessments
Texas and Oregon have recently adopted new rules for data broker laws, with both states set to have active data broker laws and implementing regulations by January 1, 2024. While the specific provisions of these laws differ, they both aim to protect consumer data privacy and impose requirements on companies collecting and processing consumer personal data. Here is an overview of the data protection assessments and related provisions in the new laws of Texas and Oregon:
Texas Data Privacy and Security Act (TDPSA)
The Texas Data Privacy and Security Act (TDPSA), which takes effect on July 1, 2024, applies to a wide range of entities, including any individual or business that conducts business in Texas, produces products or services consumed by Texas residents, or processes/sells personal data. Notably, Texas is the first state to determine applicability based on the absence of a small-business designation. The TDPSA grants exemptions to certain types of entities, including financial institutions, nonprofits, institutions of higher education, and electric utilities. In terms of data protection assessments, the TDPSA requires businesses to conduct a data protection impact assessment if they process or sell sensitive personal information or use personal information for targeted advertising. This assessment must be made available to the attorney general upon request. Additionally, Texas has enacted the Texas Data Broker Law, which focuses on data security and defines a "data broker" as a business entity whose primary source of revenue comes from collecting, processing, or transferring personal data that was not directly collected from individuals.
Oregon Consumer Privacy Act (OCPA)
The Oregon Consumer Privacy Act (OCPA), also taking effect on July 1, 2024, applies to any person or business that conducts business in Oregon or provides products or services to Oregon residents, with certain thresholds for the number of consumers whose data is processed. Oregon's law emphasizes transparency and grants consumers various rights, including the right to request a list of third parties to which their personal information has been disclosed. In terms of data protection assessments, the OCPA requires businesses to implement administrative, technical, and physical safeguards for personal information. Additionally, Oregon has adopted the Data Brokers Registry, which allows residents to opt out of the sale of their personal data.
Similarities and Differences
Both the Texas and Oregon laws grant consumers protections for their personal data and require companies to comply with specific data handling practices. While Texas focuses more on data security, Oregon emphasizes transparency and provides heightened protections for sensitive data. Both states require businesses to conduct data protection assessments in certain circumstances, such as when processing or selling sensitive personal information. However, the specific triggers and requirements for these assessments differ between the two states. Additionally, while Texas grants enforcement authority to the state attorney general, Oregon's law does not provide consumers with a private right of action.
Good Soldiers in Dungeons and Dragons: Lawful or Chaotic?
You may want to see also
Frequently asked questions
Texas and Oregon have both passed laws to protect consumer privacy and data privacy. These laws are similar in nature and scope to the consumer privacy laws in Virginia, Colorado, and Connecticut. The laws are designed to grant protections for consumers and impose requirements on companies collecting consumer data.
The Texas Data Broker Law defines a "data broker" as "a business entity whose principal source of revenue is derived from the collecting, processing, or transferring of personal data that the entity did not collect directly from the individual linked or linkable to the data." The law includes exclusions for service providers, government entities, nonprofits, consumer reporting agencies, and financial institutions.
The Oregon Data Broker Law defines a "data broker" in alignment with Vermont and California, describing the term as "a business entity or part of a business entity that collects and sells or licenses brokered personal data to another person." The law includes exclusions for government entities, consumer reporting agencies, financial institutions, and business entities that collect data directly from their customers, donors, and/or investors.
