The bill amends the Security Breach Notification Act in Oklahoma, updating several sections to enhance the definitions and requirements surrounding data breaches. Key modifications include the clarification of terms such as "breach of the security of a system," "personal information," and "notice." The bill mandates that individuals or entities must provide notice of any security breach to affected residents and the Attorney General within specified timeframes. It also introduces exemptions for breaches affecting fewer than 500 residents and outlines the confidentiality of information submitted to the Attorney General.

Additionally, the bill revises the enforcement mechanisms and civil penalties associated with violations of the act. It establishes that the Attorney General or district attorneys can enforce the act, with penalties reaching up to $150,000 per breach. However, entities that implement reasonable safeguards and comply with notification requirements may avoid civil penalties. The act will take effect on January 1, 2026, and includes updates to statutory language and references to ensure clarity and compliance with current standards.