Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · Oklahoma · Title 18 — Corporations

§18-2070. Affirmative defense — Conditions.

346 words·~2 min read·/ok/title-18-corporations/18-2070·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

A. The requirements of this section are voluntary; provided, a covered entity may only seek an affirmative defense under this act if the following conditions are met:
1. A covered entity seeking an affirmative defense under this act shall create, maintain, and comply, including documentation of such compliance, with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of both personal information and restricted information and that reasonably conforms to an industry-recognized cybersecurity framework, as described in this section;
2. A covered entity's cybersecurity program shall be designed to do all of the following with respect to the information described in paragraph 1 of this subsection, as applicable:
a. protect the security and confidentiality of the
information,
b. protect against any anticipated threats or hazards to
the security or integrity of the information, and
c. protect against unauthorized access to and acquisition
of the information that is likely to result in a
material risk of identity theft or other fraud to the
individual to whom the information relates;
3. The scale and scope of a covered entity's cybersecurity program under this subsection is appropriate if it is based on all of the following factors:
a. the size and complexity of the covered entity,
b. the nature and scope of the activities of the covered
entity,
c. the sensitivity of the information to be protected,
d. the cost and availability of tools to improve
information security and reduce vulnerabilities, and
e. the resources available to the covered entity; and
4. The cybersecurity program shall contain requirements that it be reviewed, evaluated, and updated on at least an annual basis and shall require documentation of the same.
B. A covered entity that satisfies paragraphs 1 through 4 of subsection A of this section is entitled to an affirmative defense to any cause of action sounding in tort that is brought alleging that the failure to implement reasonable information security controls resulted in a data breach concerning personal information or restricted information. Added by Laws 2023, c. 84, § 3, eff. Nov. 1, 2023.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.