Melissa Pascualini of Jackson Lewis The Oklahoma State Legislature recently enacted Senate Bill 626, amending its Security Breach Notification Act, effective January 1, 2026, to address gaps in the state’s current cybersecurity framework (the “Amendment”). The Amendment includes new definitions, mandates reporting to the state Attorney General, clarifies compliance with similar laws, and provides revised penalty…
Category: State/Local
North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
Hunton Andrews Kurth writes: On April 11, 2025, the North Dakota governor signed H.B. 1127 (the “Act”), which establishes new data security measures and breach notification obligations for financial corporations. Covered entities include those that are regulated by the North Dakota Department of Financial Institutions and exclude financial institutions, such as banks, and credit unions. Key requirements,…
New York’s Latest Cyber Rules Pressure Small Companies, Vendors
Cassandre Coyer reports: As another cybersecurity compliance deadline hits in New York, the impact may be most deeply felt by smaller companies—as well as vendors and other businesses outside the financial sector that technically aren’t within scope of the regulation. The New York Department of Financial Services’ (NYDFS) latest Cybersecurity Regulation amendments go into effect…
North Dakota Expands Data Security Requirements and Issues New Licensing Requirements for Brokers
A.J. S. Dhaliwal, Mehul N. Madia, and Beineng Zhang of SheppardMullin write: On April 11, North Dakota enacted HB 1127, overhauling its regulatory framework for financial institutions and nonbank financial service providers. The law amends multiple chapters of the North Dakota Century Code and creates a new data security mandate for financial corporations—a category that includes non-depository entities regulated…
A Brief Reminder About the Florida Information Protection Act
Joseph Lazzarotti of JacksonLewis writes: According to one survey, Florida is fourth on the list of states with the most reported data breaches. No doubt, data breaches continue to be a significant risk for all business, large and small, across the U.S., including the Sunshine State. Perhaps more troubling is that class action litigation is more…
CPPA Brings Enforcement Action Against National Public Data
There’s been a state enforcement action against National Public Data, but it’s not for the data breach that resulted in the leak of 2.9 billion records. It’s for failure to register with California as a data broker. News: February 20, 2025 SACRAMENTO — The Enforcement Division of the California Privacy Protection Agency (CPPA) has brought…