Oregon Consumer Privacy Act

Oregon Consumer Privacy Act, in force 1 Jul 2024 (businesses) and 1 Jul 2025 (most non-profits — uniquely OCPA covers most non-profits). Follows the Virginia template + UOOM honour + a unique right to know specific third-party recipients (not just categories). Civil penalties up to $7,500/violation. 2025 OR AG enforcement-priorities note flagged opt-out failures and processor-contract gaps.

Composition

12 controls currently indexed; participates in 7 cross-framework synthesis clusters.

Participates in synthesis

Each cluster listed below combines this framework's controls with operationally equivalent controls from other frameworks, resolving the overlap into a single audit-defensible specification.

• Children's privacy across US states — heightened protections
• Cross-jurisdiction consumer / Data Principal rights — operational fabric
• Data broker registration and obligations (US states)
• PII principal rights — comprehensive ISO 27701-anchored programme
• Processor / service provider contract requirements across jurisdictions
• Sensitive personal information — heightened protection across jurisdictions
• Universal Opt-Out Mechanism (UOOM) / Global Privacy Control honour across US states