Signed, Sealed and (Soon to Be) Delivered into Law: Oklahoma’s New Data Privacy Law Becomes Effective January 1, 2027 | McAfee & Taft

Staff Editor 2026-04-07
Signed, Sealed and (Soon to Be) Delivered into Law: Oklahoma’s New Data Privacy Law Becomes Effective January 1, 2027 | McAfee & Taft

Signed, Sealed and (Soon to Be) Delivered into Law: Oklahoma’s New Data Privacy Law Becomes Effective January 1, 2027 | McAfee & Taft

https://www.jdsupra.com/legalnews/signed-sealed-and-soon-to-be-delivered-7482625/

Publish Date: 2026-04-07 15:04:00

Source Domain: www.jdsupra.com

Since 2021, we have noted legislative efforts to pass state law regulating the collection, use, and processing of consumer data. On March 20, 2026, Governor Stitt signed Senate Bill 546 into law, establishing Oklahoma’s Act Relating to Data Privacy and making Oklahoma the 21st state to enact a comprehensive consumer privacy law. Although the Act does not become effective until January 1, 2027, businesses should act now to prepare for its requirements.

Who must comply?

The Act applies to businesses that:

  • Do business in Oklahoma or target Oklahoma residents with goods or services; and
  • Either
    • Control or process personal data of at least 100,000 Oklahoma consumers in a calendar year; or
    • Control or process personal data of at least 25,000 Oklahoma consumers and earn over 50% of their revenue from selling personal data.

The Act includes several exclusions and exemptions, however, including for the following:

  • Nonprofit entities
  • Colleges and universities
  • State agencies
  • Information collected for employment purposes or administering employee benefits
  • Certain entities and data subject to HIPAA
  • Certain entities and data subject to the Gramm-Leach-Bliley Act

What is required?

Businesses subject to the Act have several obligations regarding how they treat personal information and how they disclose the same to consumers. These include responding to consumer requests, implementing certain security measures and providing public disclosures on how they use and share personal data.

Consumer Requests
Under the Act, Oklahoma residents may contact businesses and ask that the businesses:

  • Confirm whether it has their personal data,
  • Correct inaccurate personal data,
  • Delete their personal data,
  • Provide a portable copy of their data (if the business keeps it in a digital form), and
  • Opt out of
    • Targeted advertising,
    • Automated profiling for certain decision making, and
    • The sale of the consumer’s personal data.

Covered businesses are…

Source

More Stories

Why U.S. Privacy Laws Weren’t Built for AI Smart Glasses

Why U.S. Privacy Laws Weren’t Built for AI Smart Glasses

Staff Editor 2026-06-07
Lack of privacy, toilets, persistent stigma forces girls in Odisha to miss school during menstruation

Lack of privacy, toilets, persistent stigma forces girls in Odisha to miss school during menstruation

Staff Editor 2026-06-07
State seeks stricter data privacy rules

State seeks stricter data privacy rules

Staff Editor 2026-06-07

Terms and Conditions - Privacy Policy