A. A violation of the Security Breach Notification Act that results in injury or loss to residents of this state may be enforced by the Attorney General or a district attorney in the same manner as an unlawful practice under the Oklahoma Consumer Protection Act. B. Except as provided in subsection D of this section, the Attorney General or a district attorney shall have exclusive authority to bring an action and may obtain actual damages for a violation of the Security Breach Notification Act and a civil penalty not to exceed One Hundred Fifty Thousand Dollars ($150,000.00) per breach of the security of the system or series of breaches of a similar nature that are determined in a single investigation. Civil penalties shall be based upon the magnitude of the breach, the extent to which the behavior of the individual or entity contributed to the breach, and any failure to provide the notice required by Section 163 of this title. C. 1. An individual or entity that uses reasonable safeguards and provides notice as required by Section 163 or 164 of this title shall not be subject to civil penalties and may use such compliance as an affirmative defense in a civil action filed under the Security Breach Notification Act. 2. An individual or entity that fails to use reasonable safeguards but provides notice as required by Section 163 or 164 of this title shall not be subject to the civil penalty set forth in subsection B of this section but shall be subject to actual damages and a civil penalty of Seventy-five Thousand Dollars ($75,000.00). D. A violation of the Security Breach Notification Act by a state-chartered or state-licensed financial institution shall be enforceable exclusively by the primary state regulator of the financial institution.
‹ Prev All Oklahoma sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.