As of this week, Oklahoma is now one of numerous states where consumer data privacy legislation has been proposed. The Oklahoma Computer Data Privacy Act (OCDPA), House Bill 1602, was filed on January 19, 2021 for review and commentary in the State’s 58th Legislative Session, which begins February 1st. The text of House Bill 1602 may be found here.
The bipartisan legislation was authored by Rep. Josh West, R-Grove, and Rep. Collin Walke, D-OKC. If passed, the OCDPA would require that certain companies obtain prior consent before collecting and selling consumer data. The bill also gives Oklahoma residents a mechanism for requesting that businesses disclose what information they have about them, as well as the right to request deletion of that information.
Under House Bill 1602, the Oklahoma Corporation Commission would enforce the OCDPA, and any fines collected by the Commission for OCDPA violations would go to the State’s General Revenue Fund. The bill also provides a private right of action for Oklahoma residents for which residents may seek injunctive relief, actual damages, and statutory damages up to $7,500 for intentional violations.
Following a press release concerning House Bill 1602, we reached out to the authors of House Bill 1602 for comment.
“Our government is set up so that it is difficult to pass laws without broad agreement, which is why technology usually gets ahead of the law,” said Rep. West. “That’s not new. For example, before spacing units were implemented there was a lot of oil and gas that was wasted. Spacing units improved oil and gas extraction efficiency. So, regulations can, at times, actually improve efficiency. We hope this is the first step in more efficient internet usage.”
According to co-author Rep. Walke, regulations to protect consumer data privacy are clearly becoming necessary.
“As with all legislation, there will be groups with adverse interests opposing this bill, but the legislature’s priority should be focused on protecting our constituent’s privacy,” said Walke. “That is a safeguard that we have in place for the government, and it should be no less true for private companies who can – and often do – exploit our private information for their personal gain. I believe our bill is common sense: Absent consent, personal data should be just that, private. It should not be bartered to the highest bidder who can then use that information without the consumer’s knowledge.”
For more information about House Bill 1602 and other cybersecurity issues that may affect your business, be on the lookout for McAfee & Taft’s forthcoming video Q&A series, “What You Need to Know About Data Privacy and Cybersecurity,” beginning on international Data Privacy Day, January 28, 2021, and continuing throughout 2021.