Global Data Privacy Guide

USA, Oklahoma

(United States) Firm Crowe Dunlevy

Contributors Anthony Hendricks

Updated 01 Mar 2022
1. What is the key legislation?

Oklahoma has no single comprehensive data privacy legislation. Instead, Oklahoma has enacted several laws that safeguard personal information and an individual's right to privacy. Relevant state laws related to data privacy in Oklahoma include: 

  • Financial Privacy Act (6 O.S. §§ 2201 – 2208)
  • Security Breach Notification Act (24 O.S. §§ 161 – 166)
  • Electric Usage Data Protection Act (17 O.S. § 710.4) 
  • Personal Privacy Protection Act (51 O.S. § 50)
  • Statutes regarding unsolicited commercial communications, including the Fraudulent Use of Electronic Mail Act (15 O.S. §§ 776.1 - 776.7), the Anti-Phishing Act (15 O.S. § 776.8 - 776.12), the Anti-Caller ID Spoofing Act (15 O.S. § 776.23), and the Oklahoma Consumer Protection Act provisions on commercial telephone solicitation (15 O.S. § 775A.4)
  • Security of Communication Act (13 O.S. §§ 176.1 - 176.7)
  • Student Data Accessibility, Transparency and Accountability Act of 2013 (70 O.S. § 3-168)

Along with state law, companies and individuals in Oklahoma may also have to comply with Federal laws related to data privacy and security. 

3. Who is subject to privacy obligations?

Applicability varies by law. Below is a discussion of the subject of the state privacy laws:

Financial Privacy Act 

Oklahoma’s Financial Privacy Act applies to financial institutions. 

Security Breach Notification Act

Oklahoma’s Security Breach Notification Act applies to individuals and entities that own or license computerized data that includes personal information of any resident of Oklahoma.

Student Data Accessibility, Transparency and Accountability Act of 2013 

The Student Data Accessibility, Transparency and Accountability Act only addresses the Oklahoma Department of Education and does not address the records held by individual schools.

5. What are the principles applicable to personal data processing?

There is no Oklahoma-specific statute regarding this.

6. How is the processing of personal data regulated?

Oklahoma does not have a specific law that addresses this. 

7. How are storage, security and retention of personal data regulated?

Oklahoma does not have a specific law that addresses this. 

8. What are the data subjects' rights under the data legislation?

There are no Oklahoma laws. 

11. Are cross-border data transfers regulated? If so, what are the restrictions on cross-border data transfers?

There are no Oklahoma laws. 

13. Are there any notification requirements for incidents and/or data breaches?

Entities and individuals are required to notify any affected individual if: 

  • unredacted or unencrypted personal information was accessed and acquired by an unauthorized person;
  • the encrypted information is accessed and acquired in an unencrypted form; or
  • the security breach involves a person with access to the encrypted key.

Notice under the Security Breach Notification Act can be delayed if a law enforcement agency advises that disclosure would impede an investigation or impact national or homeland security.  

14. Who is/are the privacy regulator(s)?

The Oklahoma Attorney General regulates privacy. 

15. What are the consequences of a data breach?

Following a data breach, the entities and individuals are required to provide notices to the affected parties. Please see the section on notification requirements. 

16. How is electronic marketing regulated?

Electronic marketing is subject to the Oklahoma Consumer Protection Act along with laws that address spoofing and phishing. 

Oklahoma Consumer Protection Act

The Oklahoma Consumer Protection Act prohibits several enumerated “unfair or deceptive trade practices,” including misrepresentations, false statements, and bait and switch advertising.  

Anti-Caller ID Spoofing Act 

The Anti-Caller ID Spoofing Act makes it illegal for a caller to knowingly insert false information into a caller identification system with the intent to mislead, defraud, or deceive the recipient of a telephone call (15 O.S. § 776.23).

Anti-Phishing Act 

Oklahoma has an Anti-Phishing Act that makes it unlawful for any person, by means of a web page or a link to a web page, to solicit, request, or take any action to induce another person to provide identifying information by representing himself, herself, or itself to be a business without the authority or approval of the business (15 O.S. § 776.8 - 776.12). The Anti-Phishing Act provides a private right of action that allows victims to seek injunctive relief and damages.

Fraudulent Use of Electronic Mail

The Fraudulent Use of Electronic Mail provision of the Oklahoma Consumer Protection Act makes it unlawful to send an e-mail when the sender knows that the e-mail does not contain an identifying point of origin or contains false, misleading, or malicious material that could purposefully or negligently injure a person (§§ 776.1 - 776.7 of Title 15 of the O.S.).  

24. Are there any recent developments or expected reforms?

The Oklahoma State Legislature is currently debating two consumer data privacy laws.

The 2021 Oklahoma Computer Data Privacy Act would require businesses to get consent before collecting data, and consumers would have to opt in to the sale of their data. The bill also provides consumer rights.

The 2022 version of the bill allows businesses to collect and share data with third parties only if it is necessary to provide goods and services. Companies would also be required to inform consumers of their right to opt out of personalized advertising. The bill also includes consumer rights.
