Bill > HB4132

This bill provides liability protections for counties and municipalities in Oklahoma against civil lawsuits for damages arising from data breaches or cybersecurity incidents, provided they have adopted and reasonably followed recognized cybersecurity frameworks such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the Center for Internet Security (CIS) Critical Security Controls, or the ISO/IEC 27000 series of standards. To qualify for this protection, referred to as "safe harbor," local governments must annually self-certify their adherence to a chosen framework, maintain documentation of their cybersecurity practices (including policies, asset inventories, multi-factor authentication, patching, backups, employee training, and incident response plans), and undergo an independent review by an external assessor at least every three years, with the review report kept confidential. Additionally, counties and municipalities can voluntarily share summary information about their cybersecurity efforts with the State Auditor and Inspector for statewide benchmarking and educational purposes. This act is set to become effective on November 1, 2026.

Government Affairs

http://www.oklegislature.gov/BillInfo.aspx?Bill=hb4132&Session=2600