Utah Becomes Latest US State to Pass a Data Privacy Law

Utah has passed a new privacy regulation, conferring new personal info legal rights and protections on the state’s citizens.

The Utah Client Privacy Act (UCPA) will take impact in below two years’ time, on December 31 2023. The provisions will implement to organizations with annual income of $25m or additional that conduct organization in Utah or generate merchandise or products and services specific at Utah citizens and system significant volumes of private knowledge.

Utah is the fourth US state to enact a customer privacy legislation in latest decades, next in the footsteps of California, Virginia and Colorado. These legal guidelines broadly observe the model established in the EU’s General Info Defense Regulation (GDPR), which was handed in 2016 and arrived into power in 2018.

✔ Approved From Our Partners

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code

The UCPA will offer Utah individuals with a range of new rights relating to the collection and use of their own information and facts. These contain the correct to accessibility, delete and attain a duplicate of their private data in a portable fashion. In addition, they can select to choose out of the sale of their personal details and focused advertising and marketing.

Having said that, as opposed to California, Virginia and Colorado legal guidelines, the UCPA does not give consumers the capacity to correct inaccuracies in their individual facts. Organizations will also not be demanded to attain prior choose-in consent to method delicate info, these types of as racial origin, sexual orientation and spiritual beliefs. Even so, they will have to give individuals with obvious see and an prospect to choose-out of processing their delicate personal facts.

The Act will also demand controllers to put into practice reasonable and suitable details security measures, give particular content material in their privacy notices and include certain language in contracts with processors.

Unlike the other US condition privacy legislation, controllers will not be needed to carry out info protection assessments before participating in information processing things to do that existing a heightened risk of harm to individuals or to conduct cybersecurity audits or risk assessments.

Enforcement of the provisions will be only at the discretion of Utah’s legal professional common, with no personal proper of action obtainable. This enforcement method will be underneath a novel, multi-layered system, which will give facts controllers and processors a 30-working day period to fix the violation. If the issue is not settled in that timeframe, businesses can encounter fines of up to $7500 per violation.

In its coverage of the new legislation, the International Affiliation of Privacy Professionals (IAPP) stated: “Although the UCPA extends VCDPA-like rights and obligations particularly for Utah individuals and organizations, the law is not possible to insert specific criteria to an entity’s current privacy compliance obligations. Facially, the legislation is narrower and extra lenient than its counterparts in California, Virginia and Colorado.”