Bill Text: OR HB2615 | 2011 | Regular Session | Engrossed
Bill Title: Relating to the privacy of identification documents; declaring an emergency.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Failed) 2011-06-30 - In committee upon adjournment. [HB2615 Detail]
Download: Oregon-2011-HB2615-Engrossed.html
76th OREGON LEGISLATIVE ASSEMBLY--2011 Regular Session
NOTE: Matter within { + braces and plus signs + } in an
amended section is new. Matter within { - braces and minus
signs - } is existing law to be omitted. New sections are within
{ + braces and plus signs + } .
LC 2135
A-Engrossed
House Bill 2615
Ordered by the House April 12
Including House Amendments dated April 12
Sponsored by Representative SCHAUFLER (at the request of Oregon
Bankers Association) (Presession filed.)
SUMMARY
The following summary is not prepared by the sponsors of the
measure and is not a part of the body thereof subject to
consideration by the Legislative Assembly. It is an editor's
brief statement of the essential features of the measure.
Authorizes financial institutions to swipe information from
individual's driver license, driver permit or identification card
when establishing or maintaining contract or account or providing
goods or services.
{ + Adds expiration date of driver license or identification
card to type of information that may be swiped for purposes
related to preventing fraud or other criminal activity or
transmitting information to check services company. + }
Declares emergency, effective on passage.
A BILL FOR AN ACT
Relating to the privacy of identification documents; amending ORS
807.745 and 807.750; and declaring an emergency.
Be It Enacted by the People of the State of Oregon:
SECTION 1. ORS 807.745 is amended to read:
807.745. The Legislative Assembly finds that:
(1) Oregon recognizes the importance of protecting the
confidentiality and privacy of an individual's personal
information contained in driver licenses, driver permits and
identification cards.
(2) Machine-readable features found on driver licenses, driver
permits and identification cards are intended to facilitate
verification of age or identity, not to facilitate { + the
unrestricted + } collection of personal information about
individuals nor to facilitate the { + unrestricted + } creation
of private databases of transactional information associated with
those individuals.
(3) Easy access to the information found on driver licenses,
driver permits and identification cards facilitates the crime of
identity theft, which is a major concern in Oregon.
SECTION 2. ORS 807.750 is amended to read:
807.750. (1) As used in this section:
(a) 'Driver license' means a license or permit issued by this
state or any other jurisdiction as evidence of a grant of driving
privileges.
{ + (b) 'Financial institution' has the meaning given that
term in ORS 706.008. + }
{ - (b) - } { + (c) + } 'Identification card' means the
card issued under ORS 807.400 or a comparable provision in
another state.
{ - (c) - } { + (d) + } 'Personal information' means an
individual's name, address, date of birth, photograph,
fingerprint, biometric data, driver license number,
identification card number or any other unique personal
identifier or number.
{ - (d) - } { + (e) + } 'Private entity' means any
nongovernmental entity, such as a corporation, partnership,
company or nonprofit organization, any other legal entity or any
natural person.
{ - (e) - } { + (f) + } 'Swipe' means the act of passing a
driver license or identification card through a device that is
capable of deciphering, in an electronically readable format, the
information electronically encoded in a magnetic strip or bar
code on the driver license or identification card.
(2) Except as provided in subsection (6) of this section, a
private entity may not swipe an individual's driver license or
identification card, except for the following purposes:
(a) To verify the authenticity of a driver license or
identification card or to verify the identity of the individual
if the individual pays for a good or service with a method other
than cash, returns an item or requests a refund.
(b) To verify the individual's age when providing an
age-restricted good or service to any person about whom there is
any reasonable doubt of the person's having reached 21 years of
age.
(c) To prevent fraud or other criminal activity if an
individual returns an item or requests a refund and the private
entity uses a fraud prevention service company or system.
(d) To transmit information to a check services company for the
purpose of approving negotiable instruments, electronic funds
transfers or similar methods of payment.
(3) A private entity that swipes an individual's driver license
or identification card under subsection (2)(a) or (b) of this
section may not store, sell or share personal information
collected from swiping the driver license or identification card.
(4) A private entity that swipes an individual's driver license
or identification card under subsection (2)(c) or (d) of this
section may store or share the following information collected
from swiping an individual's driver license or identification
card for the purpose of preventing fraud or other criminal
activity against the private entity:
(a) Name;
(b) Address;
(c) Date of birth; { - and - }
(d) Driver license number or identification card number
{ - . - } { + ; and
(e) The expiration date of the driver license or identification
card. + }
(5)(a) A person other than an entity regulated by the federal
Fair Credit Reporting Act, 15 U.S.C. 1681 et seq., who receives
personal information from a private entity under subsection (4)
of this section may use the personal information received only to
prevent fraud or other criminal activity against the private
entity that provided the personal information.
(b) A person who is regulated by the federal Fair Credit
Reporting Act and who receives personal information from a
private entity under subsection (4) of this section may use or
provide the personal information received only to effect,
administer or enforce a transaction or prevent fraud or other
criminal activity, if the person provides or receives personal
information under contract from the private entity.
(6)(a) Subject to the provisions of this subsection, a private
entity that is a commercial radio service provider that provides
service nationally and that is subject to the Telephone Records
and Privacy Protection Act of 2006 (18 U.S.C. 1039) { + or a
private entity that is a financial institution + } may swipe an
individual's driver license or identification card if the entity
obtains permission from the individual to swipe the individual's
driver license or identification card.
(b) The private entity may swipe the individual's driver
license or identification card only for the purpose of
establishing or maintaining a contract { + or account + }
between the private entity and the individual { + or providing
goods or services to the individual + }. Information collected by
swiping an individual's driver license or identification card for
the establishment or maintenance of a contract { + or account or
the provision of goods or services + } shall be limited to the
following information from the individual:
(A) Name;
(B) Address;
(C) Date of birth; { - and - }
(D) Driver license number or identification card number
{ - . - } { + ; and
(E) The expiration date of the driver license or identification
card. + }
(c) If the individual does not want the private entity to swipe
the individual's driver license or identification card, the
private entity may manually collect the following information
from the individual:
(A) Name;
(B) Address;
(C) Date of birth; { - and - }
(D) Driver license number or identification card number
{ - . - } { + ; and
(E) The expiration date of the driver license or identification
card. + }
(d) The private entity may not withhold the provision of goods
or services solely as a result of the individual requesting the
collection of the following information from the individual
through manual means:
(A) Name;
(B) Address;
(C) Date of birth; { - and - }
(D) Driver license number or identification card number
{ - . - } { + ; and
(E) The expiration date of the driver license or identification
card. + }
(7) A governmental entity may swipe an individual's driver
license or identification card only if:
(a) The individual knowingly makes the driver license or
identification card available to the governmental entity;
(b) The governmental entity lawfully confiscates the driver
license or identification card;
(c) The governmental entity is providing emergency assistance
to the individual who is unconscious or otherwise unable to make
the driver license or identification card available; or
(d) A court rule requires swiping of the driver license or
identification card to facilitate accurate linking of court
records pertaining to the individual.
(8) In addition to any other remedy provided by law, an
individual may bring an action to recover actual damages or
$1,000, whichever is greater, and to obtain equitable relief, if
equitable relief is available, against an entity that swipes,
stores, shares, sells or otherwise uses the individual's personal
information in violation of this section. A court shall award a
prevailing plaintiff reasonable costs and attorney fees. If a
court finds that a violation of this section was willful or
knowing, the court may increase the amount of the award to no
more than three times the amount otherwise available.
(9) Any waiver of a provision of this section is contrary to
public policy and is void and unenforceable.
SECTION 3. { + This 2011 Act being necessary for the immediate
preservation of the public peace, health and safety, an emergency
is declared to exist, and this 2011 Act takes effect on its
passage. + }
----------
