Oklahoma Legislature files privacy law focused on data protection and national security concerns

McAfee & Taft
Contact

McAfee & Taft

Earlier this year we provided updates on Oklahoma House Bill 1602 (HB 1602), a bipartisan proposal that received national press for being one of the most stringent privacy laws proposed or enacted by a state legislature. Over the summer, HB 1602 hit roadblocks in the Oklahoma Senate and was not enacted into law.

On September 9, 2021, the same representatives that proposed HB 1602 – Majority Leader Rep. Josh West, R-Grove, and Rep. Collin Walke, D-Oklahoma City – filed the Oklahoma Computer Data Privacy Act of 2022 or House Bill 2968 (HB 2968), once again seeking to enact consumer privacy legislation for the state. With this revised proposal, the representatives cite national security concerns as a driving force for new proposed statutory protections of the data of Oklahoma residents. House Bill 2968 can be read online here.

If passed, HB 2968 would mandate significant privacy and security requirements for specific types of businesses operating or doing business in Oklahoma. These include the creation and disclosure of privacy policies, limitations on the collection, use and retention of consumer information, and the implementation and maintenance of security procedures, practices and safeguards. HB 2968 also creates consumer privacy rights for Oklahoma residents that require consumer “opt-in” prior to the collection, use and sale of information, a consumer right to request information from businesses about what information they have collected, used or shared, and the consumer right to have certain information deleted.

HB 2968 provides that the Oklahoma Attorney General shall be responsible for enforcing the Oklahoma Computer Data Privacy Act of 2022. Companies that are found to violate the law would be liable for injunctive relief, statutory damages up to $7,500 for intentional violations and $2,500 for unintentional violations, and punitive damages if requested by the Attorney General. HB 2968 does not provide an explicit right for consumers to sue in their own private actions.

If passed during the 2022 legislative session, this new privacy law would become effective on Nov. 1, 2023, providing businesses approximately one year to update their practices to comply with the requirements of HB 2968. Notably, HB 1602 will also be considered during the 2022 legislative session, providing Oklahoma lawmakers with two proposed laws for Oklahoma consumer data regulation. In a joint press release announcing HB 2968, co-author West noted that the “[t]he importance of data privacy legislation cannot be overstated” and “[b]ecause data privacy is clearly a matter of personal, state and national security, we cannot wait any longer for implementation.” Co-author Walke reiterated this sentiment, stating Oklahoma “must be part of the solution and not the problem.”

As a result, and as the Oklahoma Computer Data Privacy Act of 2022 moves through the legislative process, businesses should assess and address the privacy policies and security safeguards that protect their consumers and impact Oklahoma residents.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McAfee & Taft | Attorney Advertising

Written by:

McAfee & Taft
Contact
more
less

McAfee & Taft on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.