Data Security

Oklahoma Amends Data Breach Notification Statute

By Karla Ballesteros & Sadia Mirza on November 25, 2025

Posted in Cybersecurity, Data Breach, Data Security, Featured Posts, State Legislation

The Oklahoma state flag waving along with the national flag of the United States of America

Key point: Oklahoma recently updated its breach notification statute for the first time since enactment, aligning with broader state trends and underscoring the ongoing, continuous review of data breach notification laws by lawmakers.

Effective January 1, 2026, Oklahoma’s Senate Bill 626 substantially revises the state’s data breach notification statute by expanding the definition of personal information, introducing a regulatory notice requirement, and updating safe-harbor exemptions. The amendments are the first changes to the law since it was enacted in 2008 and are consistent with trends in other states in recent years. For example, California adopted similar amendments set to take effect on January 1, 2026.

The below article provides an overview of the amendments.

Third Circuit Provides Helpful Guidance on the “Party Exception” to Wiretap Liability and What Constitutes “Medical Information” Under the CMIA

By Angelo A. Stio III & Robert Jenkin on November 24, 2025

Posted in Cybersecurity, Data Security, Featured Posts, Litigation Updates

Key point: The Third Circuit Court of Appeals recently issued an opinion affirming the dismissal of a class action complaint asserting both California Invasion of Privacy Act (CIPA) and California Medical Information Act (CMIA) claims, providing helpful guidance on the application of the “party exception” defense to a wiretap claim, as well as the meaning of “medical information” under the CMIA claim.

Peabody Settlement Reaffirms Massachusetts AG’s Commitment to Protecting Consumer Personal Information

By Bianca Nalaschi & Sadia Mirza on September 19, 2025

Posted in Data Breach, Data Security, Litigation Updates

Data-Breach_1200x600_GettyImages-2210246405

Key point: Regulators will ensure corporate accountability by imposing stringent sanctions on businesses that are perceived as neglecting the protection of consumer personal information.

California Seeks Collaboration From the Global Privacy Frontier

By David Navetta, Michael Yaghi & Lauren Geiser on June 13, 2025

Posted in Data Security

Security_1200x600_GettyImages-1162361864

Troutman Pepper Locke attorneys assess California’s collaboration with other foreign governments on promoting privacy rights and what this means for the future of data protection worldwide.

The California Privacy Protection Agency recently announced that it signed a declaration of cooperation on privacy protections or collaboration with the UK Information Commissioner’s Office, its latest collaboration with a foreign government.

DOJ’s Data Security Program Is Blurry on Audits, Recordkeeping

By Peter Jeydel, James Koenig & David Navetta on May 22, 2025

Posted in Data Security

Webinars_1200x600_GettyImages-1406524821

Troutman Pepper Locke partners examine ambiguities in the Department of Justice’s compliance guidance for its new data security program.

The Department of Justice’s new data security program took effect on April 8. A few days later, the agency issued an implementation and enforcement policy that provides a 90-day leniency period for DSP civil enforcement through July 8, along with a compliance guide and frequently asked questions.

Privacy + Cyber + AI