Sadia Mirza

Sadia leads the firm’s Incidents + Investigations team, advising clients on all aspects of data security and privacy issues. She is the first point of contact when a security incident or data breach is suspected, and plays a central role in her clients’ cybersecurity strategies.

Follow:

Oklahoma Amends Data Breach Notification Statute

By Karla Ballesteros & Sadia Mirza on November 25, 2025

Posted in Cybersecurity, Data Breach, Data Security, State Legislation

The Oklahoma state flag waving along with the national flag of the United States of America

Key point: Oklahoma recently updated its breach notification statute for the first time since enactment, aligning with broader state trends and underscoring the ongoing, continuous review of data breach notification laws by lawmakers.

Effective January 1, 2026, Oklahoma’s Senate Bill 626 substantially revises the state’s data breach notification statute by expanding the definition of personal information, introducing a regulatory notice requirement, and updating safe-harbor exemptions. The amendments are the first changes to the law since it was enacted in 2008 and are consistent with trends in other states in recent years. For example, California adopted similar amendments set to take effect on January 1, 2026.

The below article provides an overview of the amendments.

California Amends Breach Notification Statute

By Bianca Nalaschi & Sadia Mirza on October 14, 2025

Posted in Data Breach, State Legislation

Data-Breach_1200x600_GettyImages-2210246405

Key Point: California’s existing breach notification statute was amended to include more decisive guidelines for reporting to individuals and regulators.

On October 5, 2025, California Governor Gavin Newsom signed SB-446 into law, which bill sponsor Sen. Melissa Hurtado (D-CA) indicates is aimed at “closing a critical loophole” in California’s existing breach notification statute. Below, we first provide a brief background on the scope of the law and then discuss the amendment.

CPPA Announces $1.35M Enforcement Action

By David Stauss, Sadia Mirza, Shelby Dolen, Marlaina Pinto & TK Lively on October 1, 2025

Posted in Compliance, State Legislation

Security_1200x600_GettyImages-2153383852

Key point: The enforcement action alleges that the retailer failed to provide adequate privacy disclosures to website visitors and job applicants, failed to effectuate opt-out requests, including recognizing the Global Privacy Control signal, and lacked legally compliant data processing agreements with third parties.

Peabody Settlement Reaffirms Massachusetts AG’s Commitment to Protecting Consumer Personal Information

By Bianca Nalaschi & Sadia Mirza on September 19, 2025

Posted in Data Breach, Data Security, Litigation Updates

Key point: Regulators will ensure corporate accountability by imposing stringent sanctions on businesses that are perceived as neglecting the protection of consumer personal information.

3 Takeaways From Recent Cyberattacks On Healthcare Cos.

By Sadia Mirza, Brent Hoard & Kaitlin Clemens on June 4, 2025

Posted in Cybersecurity

Information-Governance_1200x600_GettyImages-2095563711

Significant data breaches have affected major players in the healthcare industry in the last year, with the methods of attack being as diverse as the affected entities themselves.

Privacy + Cyber + AI