The Oklahoma Computer Data Privacy Act introduces comprehensive regulations for businesses that collect personal information from consumers, defining key terms such as "personal information," "business," and "consumer." The act mandates that businesses inform consumers about the data they collect, obtain consent for data processing, and grant consumers rights to request disclosure, deletion, and opt-out of the sale of their personal information. It also emphasizes compliance with existing laws, preempts conflicting local laws, and outlines civil penalties for violations, with enforcement authority granted to the Oklahoma Attorney General. Additionally, businesses are required to implement employee training regarding consumer inquiries and are prohibited from discriminating against consumers exercising their rights.

The bill further specifies that consumers have the right to request disclosure of the categories and specific items of personal information collected, while also detailing exemptions for publicly available information and medical data. It prohibits businesses from re-identifying de-identified information except for specific purposes and mandates that contracts for the sale of such data include provisions against re-identification. The legislation aims to create a transparent and secure environment for consumer data management, ensuring that businesses can operate within a framework that respects individual rights while complying with state and federal laws.