Oregon Consumer Privacy Act
SB 619
Regulatory Snapshot: Oregon Consumer Privacy Act
Oregon Consumer Privacy Act (SB 619) is an enacted law in Oregon under the Data Privacy category. It was enacted on 2023-07-18 and becomes effective on 2024-07-01. Oregon currently reports 8 tracked regulations with 8 already in force, giving the state a regulatory strictness score of 62/100 relative to the national baseline. PlainRegWatch last verified this entry on 2026-03-18.
Nationally, 21 states have enacted data privacy statutes and 0 additional bills remain pending — 21 distinct jurisdictions have codified rules in this area so far. That places Oregon within a mature and broadly adopted data privacy landscape where compliance programs typically hinge on definitions in SB 619 itself.
Applicability under Oregon Consumer Privacy Act: 100K+ consumers, or 25K+ with 25%+ data sale revenue. Includes nonprofits. Penalty exposure is documented as: $7,500/violation. AG with 30-day cure (sunsets Jan 2026). Notable exemptions: HIPAA, GLBA, government (nonprofits NOT exempt)..
Summary
Strong law with no revenue thresholds. One of few applying to nonprofits.
Key Requirements
Full rights. Universal opt-out. Data protection assessments. Nonprofit coverage.
Penalties
$7,500/violation. AG with 30-day cure (sunsets Jan 2026).
Applicability
100K+ consumers, or 25K+ with 25%+ data sale revenue. Includes nonprofits.
Exemptions
HIPAA, GLBA, government (nonprofits NOT exempt).
Frequently Asked Questions
Which states have data privacy regulations?
As of the last verification, 21 states have enacted data privacy regulations, with 0 additional bills pending across other states. Oregon is among the states that has enacted such legislation. Browse all data privacy regulations at plainregwatch.com for the complete state-by-state comparison.
When was Oregon Consumer Privacy Act enacted?
Oregon Consumer Privacy Act was enacted on 2023-07-18 and became effective on 2024-07-01. It was introduced as SB 619.
What are the penalties for violating Oregon Consumer Privacy Act?
$7,500/violation. AG with 30-day cure (sunsets Jan 2026). Note that enforcement mechanisms and penalty structures may vary. Consult the official statute and qualified legal counsel for specific compliance requirements.
Does Oregon Consumer Privacy Act apply to small businesses?
100K+ consumers, or 25K+ with 25%+ data sale revenue. Includes nonprofits. Many state regulations include thresholds or exemptions for smaller organizations. Review the full applicability criteria and consult legal counsel to determine your obligations.
How does Oregon compare to other states on data privacy?
Oregon has a regulatory strictness score of 62/100, based on 8 enacted regulations out of 8 tracked. Nationally, 21 states have enacted data privacy laws. Visit our state comparison page for a full ranking.
Where can I read the full text of Oregon Consumer Privacy Act?
The official text of Oregon Consumer Privacy Act (SB 619) is available from the Oregon legislature. PlainRegWatch links to the official source for every tracked regulation. We recommend reviewing the full statute alongside qualified legal counsel for compliance planning.
Regulation Guides
Plain-language guides to help you understand the broader regulatory landscape.
Related Federal Data
Explore federal datasets connected to state regulation and enforcement.
PlainInfluence
Federal lobbying and influence data — see who shapes state regulation
PlainSpending
Federal spending data — track enforcement budgets behind regulations
PlainGovJobs
Government workforce data — agencies enforcing state and federal rules
PlainEnviro
EPA enforcement and environmental compliance across all 50 states
Explore Regulations
Disclaimer: This summary is provided for informational purposes only and does not constitute legal advice. Regulation details may have changed since last verification (2026-03-18). Always consult official sources and qualified legal counsel for compliance guidance.
Read our methodology — how this data is sourced, computed, and verified.
Related
| Publisher | Kiznis Studio |
| Sources | Public state legislatures, IAPP, NCSL, and federal regulatory trackers |