CONTENTS
New Jersey Privacy Act. .............................................................................................................................................................................. 343
56:8-166.4. Definitions relating to the processing and collection of personal data. ........................................................................................ 344
56:8-166.5. Applicability; controllers conducting business within the State; processing or controlling personal data. ........................... 346
56:8-166.6. Privacy notice; requirements; contents; controller duties .............................................................................................................. 346
56:8-166.7. Verified request response; requirements; applicability; notice ...................................................................................................... 347
56:8-166.8. Discrimination against consumer for opting out prohibited . .......................................................................................................... 347
56:8-166. Unlawful practice; improper use of personal information . ................................................................................................................. 348
56:8-166.9. Waiver of requirements; void; unenforceable . ................................................................................................................................... 348
56:8-166.10. Consumer rights; personal data . ......................................................................................................................................................... 348
56:8-166.11. Designating authorized agent to opt out of the processing and sale of personal data; requirements . .............................. 348
56:8-166.12. Duties and responsibilities of controller in the collection and processing of personal data; security . ............................... 349
56:8-166.13. Application of act; exceptions . ............................................................................................................................................................ 350
56:8-166.14. Controller requirements ....................................................................................................................................................................... 351
56:8-166.15. Compliance; controller’s or processor’s ability ................................................................................................................................ 351
56:8-166.16. Controllers and processors respective obligations . ........................................................................................................................ 353
56:8-166.17. Violations; enforcement actions . ........................................................................................................................................................ 354
56:8-166.18. Rules and regulations . ........................................................................................................................................................................... 354
56:8-166.19. Authority; enforcement ........................................................................................................................................................................ 354
Oregon Privacy Act...................................................................................................................................................................................... 355
Section 646A.570. Definitions. ..................................................................................................................................................................................... 356
Section 646A.572. Scope and application; exclusions ........................................................................................................................................... 359
Section 646A.574. Consumer requests for personal data; requirement to correct inaccuracies;
requirement to delete personal data; conditions under which consumer may opt out of personal data processing;
format for providing copy of personal data to consumer. ....................................................................................................................................... 362
Section 646A.576. Method for requesting personal data; persons who may request personal data on consumer’s behalf;
designation by consumer; duties of controller; process for appealing controller’s refusal of consumer request...................................... 363
Section 646A.578. [Operative until 1/1/2026] Duties of controller; prohibitions; privacy notice to consumer...................................... 364
Section 646A.581. Duties of processor of personal data; contract between controller and processor; liabilities of
controller and processor................................................................................................................................................................................................. 366
Section 646A.583. Controller’s use of deidentified data; exclusions . ................................................................................................................. 368
Section 646A.586. Data protection assessment for processing activities with heightened risk of harm; criteria
for conducting data protection assessment; provision to Attorney General; retention of records; confidentiality.................................. 368
Section 646A.589. [Operative 7/1/2024] Investigative demand by Attorney General; representation by counsel;
confidentiality of proceedings and materials; action to impose civil penalty or obtain injunction; amount of civil
penalty; notice of violation; time limit on action; Attorney General’s exclusive authority.............................................................................. 369
Section 646A.589. [Operative 1/1/2026] Investigative demand by Attorney General; representation by counsel;
confidentiality of proceedings and materials; action to impose civil penalty or obtain injunction; amount of civil
penalty; notice of violation; time limit on action; Attorney General’s exclusive authority . ............................................................................ 371
Rhode Island Data Transparency and Privacy Protection Act........................................................................................................... 373
SECTION 1. Legislative findings. . ............................................................................................................................................................................ 374
SECTION 2. Title 6 of the General Laws entitled “COMMERCIAL LAW — GENERAL REGULATORY PROVISIONS” is hereby amended
by adding thereto the following chapter: . .............................................................................................................................................................. 374
CHAPTER 48.1 RHODE ISLAND DATA TRANSPARENCY AND PRIVACY PROTECTION ACT............................................................... 374
6-48.1-1. Short title. . ...................................................................................................................................................................................................... 374
6-48.1-2. Definitions. . ................................................................................................................................................................................................... 374
6-48.1-3. Information sharing practices. ................................................................................................................................................................... 377
| General Privacy Laws Deskbook: US State Laws and GDPR
13