The bill amends the Security Breach Notification Act in Oklahoma, updating several sections to enhance the definitions and requirements surrounding data breaches. Key modifications include the clarification of what constitutes a "breach of the security of a system," the introduction of new definitions such as "reasonable safeguards," and the requirement for entities to notify the Attorney General of a breach within 60 days of notifying affected residents. The bill also specifies the contents of the required notice and provides exemptions from certain notice requirements based on the number of residents affected by the breach.

Additionally, the bill revises the enforcement mechanisms and civil penalties associated with violations of the act. It establishes that entities using reasonable safeguards and providing the required notice may avoid civil penalties, while those failing to implement such safeguards but still notifying will face reduced penalties. The act will apply to breaches occurring on or after January 1, 2026, ensuring that the updated provisions are in effect for future incidents.