State privacy overview

Oregon Data Privacy: A Plain-Language Overview

Informational summary · Oregon Consumer Privacy Act (OCPA)
General information — not legal advice. This overview is provided for general educational purposes only and may not reflect the most recent changes in the law. It is not legal advice and does not create any attorney–client relationship. Verify current requirements with the state's official resources and consult qualified counsel before acting.

Oregon Consumer Privacy Act (OCPA)

Status: Effective July 1, 2024; enforceable by the Attorney General.

Oregon passed a comprehensive consumer privacy law similar to those in other states, granting residents the right to access, delete, and opt-out of the sale of their data. It places restrictions on the use of sensitive personal information and requires businesses to ensure data protection. Enforcement is handled exclusively by the state Attorney General, rather than through a private right of action.

Rights residents generally have

Who it generally applies to

Applies to for-profit entities that do business in Oregon and handle personal data of 100,000+ consumers (excluding payment transactions), or derive 25%+ of gross revenue from selling personal data and handle data of 25,000+ consumers.

What this means for B2B outreach

The OCPA applies to 'consumer' data, largely excluding data about individuals acting as employees or contractors of a business. However, business contact information (like a work email) used for a commercial purpose is generally exempt, while personal communications used for marketing may still fall under scope.

Authoritative source: Oregon Department of Justice (Attorney General). Always confirm current requirements there.

Marketing that respects privacy by design

We run permission-based, compliance-minded campaigns with real opt-out handling.

Talk to us

← All state privacy overviews