Oklahoma
| Security Breach Notification Act | |
|---|---|
| CITATION | Okla. Stat. § 74-3113.1 |
| ENACTED | 2008 |
| SUMMARY |
The law covers a “breach of the security of a system” which means the unauthorized access and acquisition of unencrypted and un-redacted computerized data that compromises the security or confidentiality of personal information maintained by an individual or entity as part of a database of personal information regarding multiple individuals and that causes, or the individual or entity reasonably believes has caused or will cause, identity theft or other fraud to any resident of Oklahoma. An individual or entity that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach of the security of the system to any resident of this state whose unencrypted and un-redacted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person and that causes, or the individual or entity reasonably believes has caused or will cause, identity theft or other fraud to any resident of Oklahoma. |
| DATA COVERED |
The law covers ‘Personal Information’ which means the first name or first initial and last name of an individual in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
|
| INDUSTRY | Any individual or entity that owns or licenses computerized data that includes Personal Information or maintains such data. |
| PENALTIES | A violation of the Act that results in injury or loss to a resident of Oklahoma may be enforced by the Attorney General or a district attorney in the same manner as an unlawful practice. The Attorney General or district attorney may recover either actual damages or a civil penalty not to exceed one hundred fifty thousand dollars ($150,000) per breach of a similar nature that is discovered in a single investigation. |
