Bill > HB4132

This bill provides liability protections for counties and municipalities in Oklahoma against civil lawsuits for damages arising from data breaches or cybersecurity incidents, provided they have adopted and reasonably followed recognized cybersecurity frameworks such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the Center for Internet Security (CIS) Critical Security Controls, or the ISO/IEC 27000 series of standards. To qualify for this protection, referred to as "safe harbor," these local governments must annually self-certify their conformity to a chosen framework, maintain documentation of their cybersecurity practices (including things like asset inventories, multi-factor authentication, employee training, and disaster recovery plans), and undergo an independent review by an external expert at least every three years, with the review report kept confidential. Additionally, counties and municipalities can voluntarily share summary information about their cybersecurity efforts with the State Auditor and Inspector for statewide benchmarking and educational purposes. This new law will take effect on November 1, 2026.

Government Affairs

http://www.oklegislature.gov/BillInfo.aspx?Bill=hb4132&Session=2600