From Jackson Lewis’s Workplace Privacy, Data Management & Security Report:
The Oklahoma State Legislature recently enacted Senate Bill 626, amending its Security Breach Notification Act, effective January 1, 2026, to address gaps in the state’s current cybersecurity framework (the “Amendment”).
… In the new year, entities required to provide notice to impacted individuals under the law in case of a breach will also be required to notify the Attorney General. The notification must include specific details including, but not limited to, the type of personal information impacted the nature of the breach, the number of impacted individuals, the estimated monetary impact of the breach to the extent such can be determined, and any reasonable safeguards the entity employs. The notification to the Attorney General must occur no more than 60 days after notifying affected residents.
However, breaches affecting fewer than 500 residents, or fewer than 1,000 residents in the case of credit bureaus, are exempt from the requirement to notify the Attorney General.
Read more at: Workplace Privacy, Data Management & Security Report
