§24-164. Notice procedures deemed in compliance.
251 words·~1 min read·
/ok/title-24-debtor-and-creditor/24-164·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
A. An individual or entity that maintains its own notification procedures as part of an information privacy or security policy for the treatment of personal information and that are consistent with the timing requirements of the Security Breach Notification Act shall be deemed to be in compliance with the notification requirements of subsection A or B of Section 163 of this title if the individual or entity notifies residents of this state in accordance with its procedures in the event of a breach of security of the system.
B. The following entities shall be deemed to be in compliance with the notification requirements of subsection A or B of Section 163 of this title if such entities provide notice to the Attorney General as required by subsection E of Section 163 of this title:
1. A financial institution that complies with the notification requirements prescribed by the Gramm-Leach-Bliley Act and the federal Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice;
2. An entity that complies with the notification requirements prescribed by the Oklahoma Hospital Cybersecurity Protection Act of 2023 or the Health Insurance Portability and Accountability Act of 1996 (HIPAA); and
3. An entity that complies with the notification requirements or procedures pursuant to the rules, regulations, procedures, or guidelines established by the primary or functional federal regulator of the entity. Added by Laws 2008, c. 86, § 4, eff. Nov. 1, 2008. Amended by Laws 2025, c. 406, § 3, eff. Jan. 1, 2026.