Oregon - Session 2026R1
Title: Requires a local government, local service district or special government body to notify and submit a report to the State Chief Information Officer within 48 hours of an information security incident or ransomware incident.
Tells a local public body to give a report to the state when there is an information security incident. Prescribes what must be in the report. (Flesch Readability Score: 63.4). Requires a local government, local service district or special government body to notify and submit a report to the State Chief Information Officer within 48 hours of an information security incident or ransomware incident. Prescribes the information that a public body is required to report. Directs the State Chief Information Officer to establish a reporting system that allows a public body to submit a notification or report in a timely, secure and confidential manner. Directs the State Chief Information Officer to create a webpage to provide instructions on how to provide notification and submit a report. Requires the State Chief Information Officer to provide an annual report to the Governor and the Joint Legislative Committee on Information Management and Technology on the information security incidents and ransomware incidents reported for the preceding year. Exempts information security incident or ransomware incident reports from disclosure under public records laws and allows for the sharing of information under certain circumstances. Becomes operative July 1, 2026. Declares an emergency, effective on passage.
Tracking state legislation? Support LegiList with a small contribution. Independent, ad-free, and built by one developer.
| Date | Event | Detail |
|---|---|---|
| 2026-02-02 | Introduced | Bill introduced |
| 2026-02-06 | Status | introduced |
| 2026-02-06 | Latest Action | Public Hearing held. |
| Bill | Title | Status |
|---|---|---|
| HB 4159 | Provides that at least one member who is appointed to the Oregon Government Ethics Commission must have local government experience. | introduced |
| HB 4177 | Restates the serial communications prohibitions for public meetings law purposes. | in_committee |
| SB 1587 | Prohibits public bodies from disclosing personally identifiable information to a data broker unless the data broker attests that the information will not be sold or transferred to any entity that will use it to enforce federal immigration law. | introduced |
| HB 4017 | Provides that amounts received as contributions by a candidate, principal campaign committee of a candidate and principal campaign committee of a holder of public office may be used for specified security-related expenses. | in_committee |
| HB 4098 | Provides that a violation of prohibitions against certain practices with respect to insurance is subject to an enforcement action under the Unlawful Trade Practices Act. | introduced |
| SB 1540 | Requires an insurer that uses a catastrophe model or wildfire risk model or scoring method to provide the Director of the Department of Consumer and Business Services a description of each model or scoring method, along with related information, and an explanation of how the insurer uses the model or scoring method in underwriting decisions. | in_committee |
| HB 4061 | Directs the Oregon Business Development Department to set up a program for micro-enterprise tariff adjustment grants to small businesses for costs increased by federal tariffs. | in_committee |
| SB 1526 | Requires the State Department of Energy to apply for grant moneys from the State Agency Program Fund to cover the costs and expenses of carrying out pre-startup activities and forming a nonprofit entity. | in_committee |