The Oklahoma Computer Data Privacy Act establishes comprehensive regulations for businesses that collect personal information from consumers, defining key terms and outlining its applicability based on specific thresholds such as annual revenue and data volume. The act mandates that businesses inform consumers about the data they collect, obtain consent for data processing, and grant consumers rights to request disclosure, deletion, and opt-out of the sale of their personal information. It also emphasizes compliance with existing laws, preempts conflicting local ordinances, and includes provisions for civil penalties for violations, with the Oklahoma Attorney General empowered to enforce the law.

Additionally, the bill introduces new provisions that enhance consumer privacy rights, including the right to request disclosure of personal information and the prohibition of re-identification of de-identified data without consent. Businesses must implement reasonable security measures and cannot discriminate against consumers exercising their rights. The act also outlines penalties for violations, with fines for non-compliance, and provides liability protections for businesses that disclose consumer information to third parties without knowledge of any intent to violate the act. Overall, the legislation aims to strengthen consumer protections and ensure transparency in the handling of personal information in Oklahoma.