Oklahoma Enacts Comprehensive Consumer Data Privacy Law | Insights

https://www.mayerbrown.com/en/insights/publications/2026/03/oklahoma-enacts-comprehensive-consumer-data-privacy-law

Publish Date: 2026-03-27 03:00:00

Source Domain: www.mayerbrown.com

On March 20, 2026, Oklahoma Governor Kevin Stitt signed Senate Bill 546 into law, establishing Oklahoma’s Act Relating to Data Privacy (the “Oklahoma Privacy Law”). Oklahoma becomes the 21st state to enact a comprehensive consumer privacy law, joining a growing patchwork of state-level data protection frameworks in the absence of an omnibus federal privacy law. The Oklahoma Privacy Law follows patterns similar to those of other comprehensive state privacy laws enacted in recent years, adopting the dominant model for state privacy legislation observed in states outside of California. (California’s privacy law, the California Consumer Privacy Act (“CCPA”), has its own unique model.) For more information about how the Oklahoma Privacy Law compares to other privacy laws, please see our state privacy law tracker.

This Legal Update summarizes the core provisions of the Oklahoma Privacy Law and highlights a few key takeaways for businesses as they prepare for compliance.

Who Is Covered

The Oklahoma Privacy Law applies to companies that conduct business in Oklahoma or produce products or services targeted at Oklahoma residents, provided the business meets one or both of the following thresholds during a calendar year:

  • The business controls or processes the personal data of at least 100,000 Oklahoma consumers; or
  • The business controls or processes the personal data of at least 25,000 Oklahoma consumers and derives more than 50% of gross revenue from the sale of personal data.

Entity-Level Exemptions

The following entities and individuals are exempt from the Oklahoma Privacy Law:

  • State agencies and political subdivisions of Oklahoma, including service providers processing data on their behalf;
  • Financial institutions subject to Title V of the Gramm-Leach-Bliley Act (“GLBA”);
  • Covered entities and business associates governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for…
