The Oklahoma State Legislature recently enacted Senate Bill 626, amending its Security Breach Notification Act, effective January 1, 2026, to address gaps in the state’s current cybersecurity framework (the “Amendment”). The Amendment includes new definitions, mandates reporting to the state Attorney General, clarifies compliance with similar laws, and provides revised penalty provisions, including affirmative
Data Breach Notification
Florida Bar Urges Law Firms to Adopt Incident Response Plans: A Call to Action for Legal Professionals
In late March 2025, the Florida Bar Board of Governors unanimously endorsed the recommendation of its Special Committee on Cybersecurity and Privacy Law that law firms should adopt written incident response plans (IRPs) to better prepare for and respond to data security incidents. The recommendation reflects a growing recognition across professional service industries—particularly law firms—of…
Happy Privacy Day: Emerging Issues in Privacy, Cybersecurity, and AI in the Workplace
As the integration of technology in the workplace accelerates, so do the challenges related to privacy, cybersecurity, and the ethical use of artificial intelligence (AI). Human resource professionals and in-house counsel must navigate a rapidly evolving landscape of legal and regulatory requirements. This National Privacy Day, it’s crucial to spotlight emerging issues in workplace technology…
Insider Threats: The Overlooked Risks of Departing Employees and Sensitive Data Theft
Insider threats continue to present a significant challenge for organizations of all sizes. One particularly concerning scenario involves employees who leave an organization and impermissibly take or download sensitive company data. These situations can severely impact a business, especially when departing employees abscond with confidential business information or trade secrets. Focusing on how the theft…
FAQs for Schools and Persons Affected By the PowerSchool Data Breach
A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50 million students in the United States. According to reports, PowerSchool informed customers that, on December 28, 2024, PowerSchool became aware of…
Patient’s Request for Records Uncovers Dental Practice’s Ransomware Attack, Leading to $350K Settlement
The Indiana Attorney General Office (OAG) filed a detailed complaint on December 23, 2024 (Complaint) which arose out of the following patient complaint:
The OAG received a consumer complaint stating that the consumer had contacted Arlington Westend Dental on multiple occasions to receive copies of their x-rays, but Arlington Westend Dental stated it no longer…
New York Enacts Immediate Updates to Breach Notification Law
Governor Kathy Hochul signed several bills last month designed to strengthen protections for the personal data of consumers. One of those bills (S2659B) makes important changes to the notification timing requirements under the Empire State’s breach notification law, Section 899-aa of the New York General Business Law. The bill was effective immediately…
Tips for Vacation Rental, Property Mgmt. Businesses Facing Vendor Cybersecurity Risk
No organization can eliminate data breach risks altogether, regardless of industry, size, or even if the organization has taken significant steps to safeguard their systems and train employees to avoid phishing attacks. Perhaps the most significant reason these risks remain: third-party service providers or vendors.
For most businesses, particularly small to medium-sized businesses, service providers…
Colorado Expands Protections for Biometric Information under the Colorado Privacy Act
When Colorado enacted the Colorado Privacy Act (CPA), it included “biometric data that may be processed for the purpose of uniquely identifying an individual.” However, the CPA as originally drafted did not cover the personal data of individuals acting in a commercial or employment context. Last week, Colorado amended the CPA to broaden the protections…
Utah Updates to Breach Notification Requirements Take Effect
On May 1, 2024, amendments to Utah’s cybersecurity and data breach notification law took effect.
The state’s cybersecurity and data breach notification law requires an organization that conducts business in the State of Utah to prevent the unlawful use or disclosure of personal information collected by the organization.
Under the requirements, if an organization that…