Oregon Statutes 305.804 – Duty of tax professional to notify department of breach of security
(1) As used in this section:
(a) ‘Breach of security,’ ‘consumer’ and ‘personal information’ have the meanings given those terms in ORS § 646A.602.
(b) ‘Tax professional’ means:
(A) A tax preparer or tax consultant licensed or certified under ORS § 673.605 to 673.740;
(B) An attorney;
(C) A certified public accountant;
(D) An enrolled agent; or
(E) Any other licensed professional.
(2) Within five days of discovering a breach of security or having reason to believe that a breach of security has occurred, or within a time frame established by the Department of Revenue by rule in instances in which complete information listed in subsection (3) of this section is not immediately available to a tax professional, a tax professional shall notify the department of the breach of security, if:
(a) The tax professional receives notice of or has reason to know that the breach of security has occurred;
(b) The breach of security compromises personal information of a consumer;
(c) The tax professional, for valuable consideration, has prepared a tax return or advised or assisted in the preparation of a tax return for the consumer or an entity with which the consumer is associated; and
(d) The tax professional obtained the personal information that is the subject of the breach of security in the course of preparing a tax return or advising or assisting in the tax return’s preparation.
(3) The notification required by this section shall include the name, address and tax identification number of the consumer whose personal identification is compromised. [2021 c.353 § 2]
[Formerly 306.340; repealed by 2013 c.176 § 3]