A new Oregon law that broadens firms’ obligations to safeguard customer data and alert authorities in the event of a cybersecurity breach could pave the way for more regulators to step up rules requiring the protection of personally identifiable information. The Oregon regulation, Senate Bill 1551, took effect on...