Bill > HB4132

This bill provides liability protections for counties and municipalities in Oklahoma against civil lawsuits for damages arising from data breaches or cybersecurity incidents, provided they have adopted and reasonably followed recognized cybersecurity frameworks such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the Center for Internet Security (CIS) Critical Security Controls, or the ISO/IEC 27000 series of standards. To qualify for this protection, referred to as "safe harbor," local governments must annually self-certify their adherence to a chosen framework, maintain documentation of their cybersecurity practices (including things like multi-factor authentication and employee training), and undergo an independent review by an external expert at least every three years, with the review report kept confidential. Additionally, counties and municipalities can voluntarily share summary information about their cybersecurity efforts with the State Auditor and Inspector for statewide comparison and learning purposes. This new law will take effect on November 1, 2026.

Government Affairs, Transportation and Infrastructure

http://www.oklegislature.gov/BillInfo.aspx?Bill=hb4132&Session=2600