Photo of Karla Ballesteros

Karla Ballesteros

Subscribe to Karla Ballesteros's Posts

Karla is an associate in the firm's Privacy + Cyber practice. Her daily work includes counseling insureds on the initial incident response, potential ransom payment, restoration, data mining, and notification segments of the incident response practice. She also leads efforts to identifying and remediating shortcomings in cybersecurity and privacy practices of firm clients.

Contact:Read more about Karla Ballesteros
The Oklahoma state flag waving along with the national flag of the United States of America

Key point: Oklahoma recently updated its breach notification statute for the first time since enactment, aligning with broader state trends and underscoring the ongoing, continuous review of data breach notification laws by lawmakers.

Effective January 1, 2026, Oklahoma’s Senate Bill 626 substantially revises the state’s data breach notification statute by expanding the definition of personal information, introducing a regulatory notice requirement, and updating safe-harbor exemptions. The amendments are the first changes to the law since it was enacted in 2008 and are consistent with trends in other states in recent years. For example, California adopted similar amendments set to take effect on January 1, 2026.

The below article provides an overview of the amendments.