Can I ignore my obligations as a service provider with access to personal information in Oklahoma? What are the requirements?
As a service provider with access to personal information in Oklahoma, you cannot ignore your obligations. You are required to exercise appropriate due diligence in selecting your service providers and require them to implement appropriate measures designed to meet the objectives of the regulation [1.1]. Additionally, you must provide an initial notice in accordance with Section 365:35-1-10 and enter into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information [1.2].
Furthermore, you must obtain authorization from the consumer or customer whose nonpublic personal health information is sought to be disclosed before disclosing nonpublic personal health information about a consumer or customer [4.1].
Exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information exist, but they only apply if the licensee discloses nonpublic personal financial information as necessary to effect, administer or enforce a transaction that a consumer requests or authorizes [1.4].
Finally, limits on redisclosure and reuse of nonpublic personal financial information exist. If you receive nonpublic personal financial information from a nonaffiliated financial institution under an exception, your disclosure and use of that information is limited. If you receive nonpublic personal financial information from a nonaffiliated financial institution other than under an exception, you may disclose the information only to the affiliates of the financial institution from which you received the information, to your affiliates, or to any other person if the disclosure would be lawful if made directly to that person by the financial institution from which you received the information [1.5].
Regarding the context documents, they are not relevant to the query.
Source(s):
- [1.1] Oversee service provider arrangements
- [1.2] Exception to opt out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing
- [4.1] When authorization required for disclosure of nonpublic personal health information
- [1.4] Exceptions to notice and opt out requirements for disclosure of nonpublic personal financial information for processing and servicing transactions
- [1.5] Limits on redisclosure and reuse of nonpublic personal financial information
Jurisdiction
Oklahoma