Oregon Attorney General Pushes for Online 'Bill of Rights'

The state's head law enforcement official is pushing for Legislature to adopt a bill in the coming session that would prohibit companies from amassing student information and selling it to marketing companies.

by Ian K. Kullgren, The Oregonian / December 11, 2014
Ellen Rosenblum, Oregon Attorney General Flickr/Oregon Department of Trasnportation

(TNS) -- Oregon Attorney General Ellen Rosenblum urged state lawmakers Wednesday to strengthen privacy laws to prevent technology companies from surreptitiously collecting and selling Oregonians' personal information.

The state's head law enforcement official said she will push the Legislature to adopt a bill in the coming session that would prohibit companies from amassing student information and selling it to marketing companies who use it to target ad sales. She said she's concerned that K-12 students are using school-sanctioned programs that unwittingly store personal information.

"We essentially need a consumer bill of rights so that people know what their rights are online," Rosenblum told reporters. "There's great things about technology, but we have to inform the people, we have to inform parents and the kids so we can be protected better online as well as offline."

Testifying before a joint meeting of the House and Senate Judiciary committees, Rosenblum said the state's privacy laws are too outdated to guard residents' personal information, including home addresses, medical information and insurance data.

"Oregonians should know how their online data is being used and, of course, who it's being sold to," Rosenblum said.

Ellen Rosenblum Oregon Attorney General Ellen Rosenblum discusses weaknesses is the state's online privacy laws.

The student privacy bill would resemble legislation signed by California Gov. Jerry Brown in September requiring schools' contracts with technology vendors to include privacy language prohibiting the collection and dissemination of student information. The law, named the Student Online Personal Information Protection Act, also places responsibility on technology companies to secure student data.

"It's nearly impossible to figure out where it's being used, who it's given to and where it's going," Nate Cardozo, an attorney for the San Francisco-based Electronic Frontier Foundation, testified at the meeting. "Oregonians should not have to give up their rights just by virtue of participating in the modern world."

Rosenblum's call comes in the wake of large-scale data breaches at the Oregon Employment Department and Secretary of State's Office, which compromised the personal information of more than a million people.

Hackers in the Secretary of State breach probably exploited a weakness in the department's software that state IT officials failed to patch, according to documents obtained by The Oregonian in June.

A breach in Target's computer systems last year exposed personal information of 70 million customers worldwide, including 800,000 in Oregon, according to the attorney general's office.\

©2014 The Oregonian (Portland, Ore.)