A. An individual or entity that maintains its own notification procedures as part of an information privacy or security policy for the treatment of personal information and that are consistent with the timing requirements of the Security Breach Notification Act shall be deemed to be in compliance with the notification requirements of subsection A or B of Section 163 of this title if the individual or entity notifies residents of this state in accordance with its procedures in the event of a breach of security of the system.

B. The following entities shall be deemed to be in compliance with the notification requirements of subsection A or B of Section 163 of this title if such entities provide notice to the Attorney General as required by subsection E of Section 163 of this title:

1. A financial institution that complies with the notification requirements prescribed by the Gramm-Leach-Bliley Act and the federal Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice;

2. An entity that complies with the notification requirements prescribed by the Oklahoma Hospital Cybersecurity Protection Act of 2023 or the Health Insurance Portability and Accountability Act of 1996 (HIPAA); and

3. An entity that complies with the notification requirements or procedures pursuant to the rules, regulations, procedures, or guidelines established by the primary or functional federal regulator of the entity.
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.