Starting Oct. 1, Oregon businesses and organizations that collect and maintain personal identifying information will need to follow requirements to help protect their customers from identity theft.

The Oregon Consumer Identity Theft Protection Act, passed by the 2007 Legislature, prohibits the public display or disclosure of Social Security numbers, and requires businesses to notify their customers if there is a breach in security. Both these provisions go into effect Oct. 1. Another key component of the law, safeguarding personal information, carries a Jan. 1 effective date.

A person's Social Security number is highly coveted by those who commit identity theft. To ensure protection, the new law prohibits individuals, private or public corporations, organizations, or other entities that maintain this information from printing Social Security numbers on cards or documents or publicly displaying or posting a Social Security number.

In addition, the new law requires businesses and organizations to notify their customers, in the most expedient time possible, of any security breach of personal identifying information. Personal information includes a consumer's name, Social Security number, driver's license number, financial account, or credit or debit card number, unless the information has been made unusable with encryption, redaction, or other means. In most cases, notification can be done in writing; however, the law does allow for electronic notification if this is the primary means of communication between the organization and the customer. If the cost of notification is more than $250,000 or the number of individuals to be notified is more than 350,000, the business may notify through major Oregon television and newspaper media.

The law also provides Oregon businesses with strong standards in protecting personal information by requiring them, by Jan. 1, 2008, to develop, implement, and maintain reasonable safeguards. This includes a number of measures such as designating one or more employees to coordinate a security program; assessing information processing, transmission, and storage risks; and detecting, preventing, and responding to intrusions. It also includes the proper disposal of information through shredding, burning or pulverizing, or rendering it unreadable in electronic form through encryption or similar procedure.

Both businesses and consumers take a large financial hit by those who steal personal information. According to the Federal Trade Commission, identity theft costs businesses in the U.S nearly $48 billion every year. Oregon is ranked the 13th worst in the nation for this crime.

Consumers, through this law, will have the tools to prevent identity theft by having the right to request a "freeze" on their credit report starting Oct. 1. A freeze will block someone from opening a new account or borrowing money using another person's name or personal information.

The Oregon Department of Consumer and Business Services is charged with enforcing the Identity Theft Protection Act, and its Division of Finance and Corporate Securities is developing materials and presentations for businesses to better understand their rights and responsibilities. For more information, click here or call 503-378-4140, or toll-free at 1 (866) 814-9710.