Oklahoma House passes privacy law … again?

Data privacy text on a computer keyboard glowing blue

This week, the Oklahoma House of Representatives passed the Oklahoma Computer Data Privacy Act (HB 1030) – for the third time in three years –  seeking to enact one of the most comprehensive privacy laws proposed by a state legislature.  The legislative text of HB 1030 aligns closely with prior attempts by the House in 2021 and 2022 to drive transformational changes to consumer privacy law in Oklahoma. HB 1030 can be read online here.

As we have previously outlined and if passed, HB 1030 would mandate significant privacy and security requirements for specific types of businesses operating in Oklahoma. These include the creation and disclosure of privacy policies, limitations on the collection, use and retention of consumer information, and the implementation and maintenance of cybersecurity procedures, practices and safeguards.   Like past versions, HB 1030 designates the Oklahoma Attorney General with responsibility for enforcing the Act. Companies that are found to violate the law would be liable for injunctive relief, statutory damages up to $7,500 for intentional violations and $2,500 for unintentional violations.  HB 1030 does not provide an explicit right for consumers to sue in their own private actions.  If the current version is passed in this legislative session, the new privacy law would become effective one year after enactment.

If HB 1030 becomes law, Oklahoma would join five other states with current consumer privacy legislation:  California, Colorado, Connecticut, Virginia, and Utah.  To navigate the journey of HB 1030 and this complicated patchwork of laws, stay connected with McAfee & Taft and the attorneys in our Cybersecurity & Privacy Group.