Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · Oklahoma · Title 36 — Insurance

§36-672. Definitions.

823 words·~4 min read·/ok/title-36-insurance/36-672·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

As used in this act:
1. “Authorized individual” means an individual known to and screened by the licensee and determined to be necessary and
appropriate to have access to the nonpublic information held by the licensee and its information systems;
2. “Commissioner” means the Insurance Commissioner;
3. “Consumer” means an individual, including but not limited to applicants, policyholders, insureds, beneficiaries, claimants, and certificate holders, who is a resident of this state and whose nonpublic information is in the possession, custody, or control of a licensee;
4. “Cybersecurity event” means an event resulting in unauthorized access to or disruption or misuse of an information system or nonpublic information stored on the information system. The term cybersecurity event shall not include the unauthorized acquisition of encrypted nonpublic information if the encryption, process, or key is not also acquired, released, or used without authorization. Cybersecurity event shall not include an event in which the licensee has determined that the nonpublic information accessed by an unauthorized person has not been used or released and has been returned or destroyed;
5. “Department” means the Insurance Department;
6. “Encrypted” means the transformation of data into a form which results in a low probability of assigning meaning without the use of a protective process or key;
7. “Information security program” means the administrative, technical, and physical safeguards that a licensee uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle nonpublic information;
8. “Information system” means a discrete set of electronic information resources organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of nonpublic information, as well as any specialized system such as industrial or process controls systems, telephone switching and private branch exchange systems, and environmental control systems;
9. “Licensee” means any person licensed, authorized to operate, or registered, or required to be licensed, authorized to operate, or registered, pursuant to Title 36 of the Oklahoma Statutes; provided, however, that it shall not include a purchasing group or a risk retention group chartered and licensed in a state other than this state or a person that is acting as an assuming insurer that is domiciled in another state or jurisdiction;
10. “Multi-factor authentication” means authentication through verification of at least two
(2)of the following types of authentication factors:
a. knowledge factors, such as a password,
b. possession factors, such as a token or text message on
a mobile phone, or
c. inherence factors, such as a biometric characteristic;
11. “Nonpublic information” means electronic information that is not publicly available and is:
a. business related information of a licensee, of which
the tampering with or unauthorized disclosure, access,
or use of would cause a material adverse impact to the
business, operations, or security of the licensee,
b. any information concerning a consumer that, because of
name, number, personal mark, or other identifier, can
be used to identify him or her, in combination with
any one or more of the following data elements:
(1)social security number,
(2)driver license number or nondriver identification
card number,
(3)financial account number, credit card number, or
debit card number,
(4)any security code, access code, or password that
would permit access to a consumer’s financial
account, or
(5)biometric records, or
c. any information or data, except age or gender, in any
form or medium created by or derived from a health
care provider or a consumer that can be used to
identify a particular consumer and that relates to:
(1)the past, present, or future physical, mental, or
behavioral health or condition of any consumer or
a member of the family of the consumer,
(2)the provision of health care to any consumer, or
(3)payment for the provision of health care to any
consumer;
12. “Person” means any individual or any nongovernmental entity including, but not limited to, any nongovernmental partnership, corporation, branch, agency, or association;
13. “Publicly available information” means any information that a licensee has reasonable basis to believe is lawfully made available to the general public from federal, state, or local government records, widely distributed media, or disclosures to the general public that are required to be made by federal, state, or local law. For the purposes of this definition, a licensee has a reasonable basis to believe that information is lawfully made available to the general public if the licensee has taken steps to determine:
a. that the information is of the type that is available
to the general public, and
b. whether a consumer can direct that the information not
be made available to the general public and, if so,
that such consumer has not done so; and
14. “Third-party service provider” means a person, not otherwise defined as a licensee, that contracts with a licensee to maintain, process, store, or otherwise is permitted access to nonpublic information through its provision of services to the licensee. Added by Laws 2024, c. 346, § 3, eff. July 1, 2024.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.