What is Deidentified Data in the Oregon Consumer Privacy Act (“OCPA”)?

What is Deidentified Data in the Oregon Consumer Privacy Act (“OCPA”)?

Deidentified data means data that:

(a) Cannot reasonably be used to infer information about, or otherwise be linked to, an identified or identifiable consumer, or to a device that identifies, is linked to or is reasonably linkable to a consumer; or

(b) Is:

(A) Derived from patient information that was originally created, collected, transmitted or maintained by an entity subject to regulation under the Health Insurance Portability and Accountability Act of 1996, P.L. 104-191, as in effect on the effective date of this 2023 Act, or the Federal Policy for the Protection of Human Subjects, codified as 45 C.F.R. part 46 and in various other deferral regulations, as codified in various sections of the Code of Federal Regulations and as in effect on the effective date of this 2023 Act; and

(B) Deidentified as provided in 45 C.F.R. 164.514, as in effect on the effective date of this 2023 Act.

 

Stay Ahead of the Curve! Explore our comprehensive CLIClaw Oregon Privacy Compliance Library for in-depth resources and insights.

 

These materials were obtained directly from the State Government public websites and are posted here for your review and reference only.  No Claim to Original State Government Works.  This may not be the most recent version.  The State may have more current information.  We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to.  Please check the linked sources directly.