Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I use third-party file sharing tools that collect personal information in Oklahoma? What are the requirements?

Using Third-Party File Sharing Tools that Collect Personal Information in Oklahoma

Based on the context documents provided, there are no specific laws or regulations in Oklahoma that prohibit the use of third-party file sharing tools that collect personal information. However, it is important to ensure that any personal information collected is handled in accordance with applicable laws and regulations.

Requirements for Handling Personal Information in Oklahoma

If you collect personal information in Oklahoma, you must comply with the following requirements:

  1. Driver Requirements - Record Keeping [47 OKST 1061]: If you are operating a peer-to-peer car sharing program, you must keep a record of the name and address of the shared vehicle driver, the number of the driver license of the shared vehicle driver and each other person, if any, who will operate the shared vehicle, and the place of issuance of the driver license.
  2. Exception to opt-out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing [OKAC 365:35-1-30]: If you are a licensee providing nonpublic personal financial information to a nonaffiliated third party to perform services for you or functions on your behalf, you must provide the initial notice in accordance with Section 365:35-1-10 and enter into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which you disclosed the information.
  3. Monitoring Use of OCIS and Investigation of Inappropriate Use [20 OKST Rule 2]: If you are using the Oklahoma Supreme Court’s Management Information Services (MIS), you should keep in mind that anything created or stored in the computer system may be reviewed by others, and by using such resources, you consent to such reviews.
  4. When authorization required for disclosure of nonpublic personal health information [OKAC 365:35-1-40]: If you are a licensee, you shall not disclose nonpublic personal health information about a consumer or customer unless an authorization is obtained from the consumer or customer whose nonpublic personal health information is sought to be disclosed.
  5. Disclosing Information about the Investigation - Misdemeanor - Exceptions [21 OKST 465]: Any law enforcement agency or public safety entity conducting a criminal investigation shall be prohibited from disclosing information about the investigation unless the disclosure is necessary to gather information and evidence related to the investigation.

Limits on Redisclosure and Reuse of Nonpublic Personal Financial Information [2.1]

If you receive nonpublic personal financial information from a nonaffiliated financial institution, you must limit your disclosure and use of that information. You may disclose the information to the affiliates of the financial institution from which you received the information, to your own affiliates, or pursuant to an exception in Sections 365:35-1-31 or 32 of the regulation. However, you may not disclose that information to a third party for marketing purposes or use that information for your own marketing purposes.

Limits on Sharing Account Number Information for Marketing Purposes [2.3]

You shall not disclose, other than to a consumer reporting agency, a policy number or similar form of access number or access code for a consumer’s policy or transaction account to any nonaffiliated third party for use in telemarketing, direct mail marketing, or other marketing through electronic mail to the consumer. However, there are exceptions to this rule, such as disclosing the information to your service provider solely in order to perform marketing for your own products or services, or to a participant in an affinity or similar program where the participants in the program are identified to the customer when the customer enters into the program.

Collection, Verification, and Retention of Records [1.2]

If you are operating a peer-to-peer car sharing program, you shall collect and verify records pertaining to the use of a vehicle, including, but not limited to, times used, car sharing period pickup and drop off locations, fees paid by the shared vehicle driver and revenues received by the shared vehicle owner, and provide that information upon request to the shared vehicle owner, the shared vehicle owner’s insurer, or the shared vehicle driver’s insurer to facilitate a claim coverage investigation, settlement, negotiation, or litigation. You shall retain the records for a time period not less than the applicable personal injury statute of limitations.

Remedial Action Upon Inappropriate Use of OCIS [3.2]

If you are using the Oklahoma Supreme Court’s Management Information Services (MIS), you are obliged to report any misuse, or possible misuse, of OCIS resources to the Administrative Director of the Courts for further investigation. The Administrative Director of the Courts (or the Director’s designee), the MIS Director, and the Information Security Officer shall investigate possible inappropriate use, and shall take all necessary action to ensure system security and protect court operations. If inappropriate use is determined, the employee, official, entity, or affiliate who must take immediate remedial action as directed shall be notified. Serious or repeated incidents of inappropriate use or possible misuse shall be reported to the Chief Justice of the Oklahoma Supreme Court, who shall determine if such use is inappropriate and shall determine whether further remedial action is appropriate.

Source(s):
Jurisdiction

Oklahoma