On March 4, the Oklahoma Computer Data Privacy Act (HB 1602) passed the state House of Representatives by a vote of 85-11. If enacted in its current form, the bill would take effect on January 1, 2023, at the same as the California Privacy Rights Act (“CPRA”) and the Virginia Consumer Data Protection Act (“VCDPA”).
As Lydia de la Torre and Ann LaFrance explain in greater detail here, the bill tracks the California Consumer Privacy Act (“CCPA”) in many ways. It imposes obligations on “businesses” that meet certain thresholds and applies to data of “consumers” which is defined to mean residents of the State of Oklahoma. However, the revenue threshold triggering application of the law would be annual gross revenues excess of $10 million for Oklahoma businesses, as compared to $25 million under the CCPA. Like the CCPA, the Oklahoma bill provides consumers with various privacy rights, including the rights of data access and deletion. The bill prohibits discrimination but allows for financial incentives subject to certain limitations. In addition, it requires reasonable security and notice at collection. Whether the bill passes before the Oklahoma legislature adjourns at the end of May remains to be seen. Stay tuned-CPW will be there.