Vote Smart's Synopsis:

Vote to pass a bill that establishes computer data privacy protections.

Highlights:

• Defines "collect" as to buy, rent, gather, obtain, receive or access the personal information of a consumer by any means, including by actively or passively receiving the information from the consumer or by observing the consumer's behavior (Sec. 2-5).

• Defines "medical information" as any individually identifiable information, in electronic or physical form, in possession of or derived from a provider of healthcare, health care service plan, pharmaceutical company, or contractor regarding a patient's medical history, mental or physical condition, or treatment (Sec. 4.H-5).

• Specifies this act does not apply to medical information governed by state privacy health laws or protected health information that is collected by a covered entity or business associate governed by the privacy, security and data breach notification rules issued by the United States Department of Health and Human Services (Sec. 4-2).

• Establishes the collection or sale of a consumer's personal information occurs wholly outside of this state if (Sec. 4.F):

• The business collects that information while the consumer is outside of this state;

• No part of the sale of the information occurs in this state; and

• The business does not sell any personal information of the consumer collected while the consumer is in this state.

• Prohibits a right or obligation under this act from applying to the extent that the exercise of the right or performance of the obligation infringes on a noncommercial activity of (Sec. 5):

• A publisher, editor, reporter or other person connected with or employed by a newspaper, magazine or other publication of general circulation, including a periodical newsletter, pamphlet or report;

• A radio or television station that holds a license issued by the Federal Communications Commission; or

• An entity that provides an information service, including a press association or wire service.

• Specifies this act does not mandate a business to violate an evidentiary privilege under federal or state law or prevent a business from disclosing to a person covered by an evidentiary privilege the personal information of a consumer as part of a privileged communication (Sec. 6-2).

• Amends Oklahoma statutes regarding data collection in the following ways (Sec. 7):

• This act shall be liberally construed to affect its purposes and to harmonize, to the extent possible, with other laws of this state relating to the privacy or protection of personal information;

• To the extent of a conflict between a provision of this act and a provision of federal law, including a regulation or an interpretation of federal law, federal law controls and conflicting requirements or other provisions of this act do not apply. Further, should the federal government pass comprehensive data privacy regulations that conflict with the provisions herein, federal law will prevail; and

• To the extent of a conflict between a provision of this act and another statute of this state with respect to the privacy or protection of consumers' personal information, the provision of law that affords the greatest privacy or protection to consumers prevails.

• Specifies this act does not mandate a business to do the following (Sec. 10.D):

• Retain a consumer's personal information that was collected for a one-time transaction if the information is not sold or retained in the ordinary course of business; or

• Re-identify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information.

Full Bill Text