Oklahoma passed a bill amending breach of security requirements. Under the bill, a requirement was added that individuals and entities that own or license personal information must provide a security breach notification to the Attorney General if the security breach affects more than 500 or more Oklahoma residents. The bill also required that the security breach notification to the Attorney General be provided without unreasonable delay but in no event more than 60 days after providing notice to impacted Oklahoma residents and include the following information:
- The date of the breach;
- The date of the breaches determination;
- The nature of the breach;
- The type of personal information exposed;
- The number of Oklahoma residents affected;
- The estimated monetary impact of the breach to the extent such impact can be determined; and
- Any reasonable safeguards the entity employs.
In addition, the bill amended the definition of “personal information”. The bill becomes effective to the discovery determination or notification of a breach of the security of the system that occurs on or after January 1, 2026.
Click to view the Oklahoma Senate Bill 626: https://www.tenaco.com/wp-content/uploads/2025/06/OK-SB-626-05-29-25.pdf
