Get Full Government Meeting Transcripts, Videos, & Alerts Forever!

Committee considers requiring earlier cyber-incident reporting by public bodies to aid rapid response

Joint Interim Committee on Information Management and Technology · November 18, 2025

AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

Staff presented an interim concept to require earlier reporting of cyber incidents by public bodies to a central authority to speed operational response; the committee discussed existing state law's 250-record breach threshold, 45-day reporting window, and whether a protected central notification process could better protect other public entities.

Committee staff reviewed a legislative concept to require earlier notification of cybersecurity incidents by public bodies to a central state entity (such as the Department of Justice fusion center or the state CIO’s office). Staff said Oregon’s current breach notification law requires covered entities to notify affected individuals and, for larger breaches, report to the Department of Justice, but those filings are high-level and may…

Already have an account? Log in

Subscribe to keep reading

Unlock the rest of this article — and every article on Citizen Portal.

Unlimited articles
AI-powered breakdowns of topics, speakers, decisions, and budgets
Instant alerts when your location has a new meeting
Follow topics and more locations
1,000 AI Insights / month, plus AI Chat

See memberships

30-day money-back on paid plans