The Oklahoma state Legislature recently enacted Senate Bill 626, amending its Security Breach Notification Act, effective Jan. 1, to address gaps in the state’s current cybersecurity framework. The amendment includes new definitions, mandates reporting to the state attorney general, clarifies compliance with similar laws, and provides revised penalty provisions, including affirmative defenses.

The amendment provides clearer definitions related to security breaches, specifying what constitutes “personal information” and “reasonable safeguards.”

• Personal Information: The existing definition for personal information was expanded to also include 1) a unique electronic identifier or routing code in combination with any required security code, access code, or password that would permit access to an individual’s financial account and 2) unique biometric data such as a fingerprint, retina or iris image, or other unique physical or digital representation of biometric data to authenticate a specific individual.
• Reasonable Safeguards: The amendment provides an affirmative defense in a civil action under the law for individuals or entities that have reasonable safeguards in place, which are defined as “policies and practices that ensure personal information is secure, taking into consideration an entity’s size and the type and amount of personal information. The term includes, but is not limited to, conducting risk assessments, implementing technical and physical layered defenses, ...

Read Full Story: https://news.google.com/rss/articles/CBMiswFBVV95cUxOdF91V29RSURoT3E0Y0dzejhq...