Current through Laws 2024, c. 453.
As used in this act:
1. "Covered entity" means any hospital, as defined in Section 1-701 of Title 63 of the Oklahoma Statutes, whether for-profit or not-for-profit, which is owned, either in whole in or part, or is managed in whole or in part, by hospitals whose business is subject to the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191;2. "Data breach" means the unauthorized access and acquisition of unencrypted and unredacted computerized data that compromises the security or confidentiality of personal information or restricted information maintained by a covered entity as part of a database of personal information or restricted information regarding multiple individuals and that causes, or the covered entity reasonably believes has caused or will cause, identity theft or other fraud to any resident of this state. Good-faith acquisition of personal information or restricted information by an employee or agent of a covered entity for the purposes of the covered entity is not a breach of the security system; provided, that the personal information or restricted information, as the case may be, is not used for a purpose other than a lawful purpose of the covered entity or subject to further unauthorized disclosure;3. "Personal information" means the first name or first initial and last name in combination with and linked to any one or more of the following data elements that relate to a resident of this state, when the data elements are neither encrypted nor redacted:a. Social Security number,b. driver license number or state identification number issued in lieu of a driver license, orc. financial account number, or credit or debit card number, in combination with any required security code, access code, or password that would permit access to the financial accounts of an individual. The term does not include information that is lawfully obtained from publicly available information, or from federal, state, or local government records lawfully made available to the public;
4. "Restricted information" means any information about an individual, other than personal information, that, alone or in combination with other information, including personal information, can be used to distinguish or trace the individual's identity or that is linked or linkable to an individual, if the information is not encrypted, redacted, or altered by any method or technology in such a manner that the information is unreadable, and the breach of which is likely to result in a material risk of identity theft or other fraud to person or property; and5. "Encrypted" and "redacted" shall have the same meanings as in Section 162 of Title 24 of the Oklahoma Statutes.Okla. Stat. tit. 18, § 2069
Added by Laws 2023 , c. 84, s. 2, eff. 11/1/2023.