Data Breach

Subscribe to Data Breach via RSS
The Oklahoma state flag waving along with the national flag of the United States of America

Key point: Oklahoma recently updated its breach notification statute for the first time since enactment, aligning with broader state trends and underscoring the ongoing, continuous review of data breach notification laws by lawmakers.

Effective January 1, 2026, Oklahoma’s Senate Bill 626 substantially revises the state’s data breach notification statute by expanding the definition of personal information, introducing a regulatory notice requirement, and updating safe-harbor exemptions. The amendments are the first changes to the law since it was enacted in 2008 and are consistent with trends in other states in recent years. For example, California adopted similar amendments set to take effect on January 1, 2026.

The below article provides an overview of the amendments.

Data-Breach_1200x600_GettyImages-2210246405

Key Point: California’s existing breach notification statute was amended to include more decisive guidelines for reporting to individuals and regulators.

On October 5, 2025, California Governor Gavin Newsom signed SB-446 into law, which bill sponsor Sen. Melissa Hurtado (D-CA) indicates is aimed at “closing a critical loophole” in California’s existing breach notification statute. Below, we first provide a brief background on the scope of the law and then discuss the amendment.