Oklahoma Privacy Law Attorneys

Oklahoma Consumer Data Privacy Act (OKCDPA) — Effective January 1, 2027

Home / States / Oklahoma

Oklahoma Privacy Law Overview

Oklahoma has enacted a comprehensive consumer privacy law that is not yet in force. The Oklahoma Consumer Data Privacy Act takes effect January 1, 2027, so Oklahoma businesses have a window now to map their data, update privacy notices, and stand up consumer-rights processes before obligations begin.

The Oklahoma Consumer Data Privacy Act (OKCDPA)

The Oklahoma Consumer Data Privacy Act (OKCDPA) was signed into law in March 2026 and takes effect January 1, 2027. It follows the mainstream multistate framework, giving Oklahoma residents rights to access, correct, delete and port their personal data and to opt out of targeted advertising, the sale of data, and profiling, with opt-in consent required for sensitive data. Enforcement rests with the Oklahoma Attorney General; there is no private right of action. Businesses should use the lead time before January 1, 2027 to build their compliance programs.

Status: Enacted but not yet in force — the law takes effect January 1, 2027. Businesses should prepare now.

OKCDPA: Quick Overview

  • Effective Date: January 1, 2027
  • Citation: SB 546 (2026)
  • Enforced By: Oklahoma Attorney General
  • Maximum Penalty: Civil penalties set by statute, enforced by the Oklahoma Attorney General
  • Private Right of Action: No (enforcement by the state only)
  • Right to Cure: Applies once the law takes effect on January 1, 2027

Who Must Comply

The OKCDPA applies to businesses that meet Oklahoma's applicability thresholds:

  • Applicability thresholds are set by the statute and take effect with the law on January 1, 2027; businesses operating in or targeting Oklahoma should assess coverage before that date.

Consumer Rights Under the OKCDPA

Oklahoma residents can exercise the following rights over their personal data:

  • Right to access / confirm what data is held
  • Right to correct inaccurate data
  • Right to delete personal data
  • Right to data portability
  • Right to opt out of targeted advertising
  • Right to opt out of the sale of personal data
  • Right to opt out of profiling for significant decisions

Sensitive personal data: Businesses must obtain opt-in consent before processing sensitive data (such as health, biometric, precise-geolocation, or demographic data).

Data Breach Notification in Oklahoma

Oklahoma's data-breach notification law requires businesses to notify affected residents when their personal information is compromised.

  • Deadline to notify residents: Without unreasonable delay following discovery
  • Attorney General notice: Notify the Oklahoma Attorney General for breaches affecting residents
  • Covered data: Name combined with sensitive identifiers (SSN, driver's license, financial-account or medical information, and more)

Federal Privacy Laws That Apply in Oklahoma

Even where Oklahoma law is silent, residents and businesses are covered by federal privacy statutes:

  • HIPAA — health information held by providers, plans and their vendors
  • GLBA — privacy and safeguards rules for financial institutions
  • FERPA — student education records
  • FCRA — consumer reporting agencies and background screening
  • COPPA — online collection of data from children under 13
  • FTC Act §5 — unfair or deceptive privacy and data-security practices

Oklahoma Privacy Law FAQ

Is Oklahoma's privacy law in effect yet?
No. The Oklahoma Consumer Data Privacy Act has been signed but does not take effect until January 1, 2027. Until then, Oklahoma residents rely on the state's data-breach and consumer-protection laws and on federal privacy statutes, but businesses should prepare now for the new rights and obligations.
What should Oklahoma businesses do before the law takes effect?
Use the lead time to inventory what personal data you collect, update privacy notices, build processes to honor access/deletion/opt-out requests, put data-processing agreements in place with vendors, and obtain opt-in consent flows for sensitive data — all before January 1, 2027.

How a Oklahoma Privacy Attorney Can Help

For Businesses

  • Build and audit a privacy compliance program
  • Draft privacy policies, notices and vendor contracts
  • Respond to consumer rights requests
  • Manage data-breach response and notification
  • Defend regulatory investigations and enforcement

For Consumers

  • Enforce your privacy rights against non-compliant businesses
  • Pursue or join data-breach litigation
  • File complaints with the Oklahoma Attorney General
  • Seek damages for identity theft and fraud
  • Stop unlawful data sales and unwanted marketing

Need a Oklahoma Privacy Attorney?

Whether you are a business working toward compliance or a Oklahoma resident whose privacy has been violated, our network of Oklahoma-licensed attorneys can help.

Find a Oklahoma Privacy Attorney

Other State Privacy Laws

Texas

TDPSA – comprehensive privacy law

Louisiana

LDPA – comprehensive law effective January 1, 2027

Alabama

Alabama PDPA – comprehensive law effective May 1, 2027

Kansas

State data-breach & sectoral privacy laws

California

CCPA/CPRA – strongest consumer privacy law in the U.S.

Florida

FDBR – comprehensive privacy law