The Oklahoma State Legislature recently enacted Senate Bill 626, amending its Security Breach Notification Act, effective January 1, 2026, to address gaps in the state’s current cybersecurity framework (the “Amendment”).  The Amendment includes new definitions, mandates reporting to the state Attorney General, clarifies compliance with similar laws, and provides revised penalty provisions, including affirmative

Virtually all organizations have an obligation to safeguard their personal data against unauthorized access or use.  Failure to comply with such obligations can lead to significant financial and reputational harm.

In a recent settlement agreement with the SEC, a New York-based registered transfer agent, Equiniti Trust Company LLC, formerly known as American Stock Transfer &

Virtually all organizations have an obligation to safeguard their personal data against unauthorized access or use, and, in some instances, to notify affected individuals in the event such access or use occurs.  Those obligations are, in some instances, relatively nebulous, and organizations—for better or worse—have flexibility to determine what pre-incident safeguards and post-incident responsive actions

FTC Safeguards Law (and Car Dealerships)

June 9th marked the deadline for financial institutions, including certain non-banking institutions that collect or maintain sensitive customer information (e.g., car dealerships), to implement a comprehensive information security program to comply with the Federal Trade Commission’s updated Safeguards Rule. For additional information, see our post: Reminder: The

Welcome to Utah - Life Elevated - Welcome Signs on Waymarking.comJust as businesses are preparing to ensure compliance with similar laws in California, Colorado, and Virginia, they soon will need to consider a fourth jurisdiction, Utah. On March 24, 2022, Governor Spencer Cox signed a measure enacting the Utah Consumer Privacy Act (UCPA). The UCPA is set to take effect December 31, 2023. Note,

Effective July 9, 2021, certain retail and hospitality businesses that collect and use “biometric identifier information” from customers will need to post conspicuous notices near all customer entrances to their facilities.  These businesses will also be barred from selling, leasing, trading, sharing or otherwise profiting from the biometric identifier information they collect from customers.  Customers