OK SB614

Requires individuals and entities owning computerized data with personal information to notify affected Oklahoma residents and financial institutions without unreasonable delay following discovery of a security breach involving unencrypted personal information.

Mandates disclosure to the Office of the Attorney General within three business days of discovering a breach of credit or debit card information for entities conducting business in Oklahoma.

Allows law enforcement to request delayed notice if notification would impede a criminal or civil investigation or compromise homeland or national security, with notice required without unreasonable delay once the agency determines notification will no longer impede the investigation.

Establishes enforcement authority with the Attorney General or district attorneys able to obtain actual damages or civil penalties up to $150,000 per breach or series of similar breaches discovered in a single investigation.

Becomes effective November 1, 2017.