Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Back
LinkedIn Created with Sketch. Twitter Created with Sketch.
20 March 2024

Utah: Bill on data security and privacy amendments signed by Governor

Privacy Law ReformBreach NotificationIncident and Breach

On March 19, 2024, Senate Bill 98 on Online Data Security and Privacy Amendments was signed by the Governor of Utah following its introduction, on January 16, 2024, to the Utah State Senate.

The bill amends the definition of a data breach under §63A-16-1101 of the Utah Code, defining a 'data breach' as 'the unauthorized access, acquisition, disclosure, loss of access, or destruction of:

  • personal data; or
  • data that compromises the security, confidentiality, availability, or integrity of the computer systems used or information maintained by the governmental entity.'

How does the bill amend obligations related to data breach notification?

The bill highlights amendments to the requirement for organizations to notify the Office of the Attorney General (AG) or the Utah Cyber Center (the Cyber Center) of a data breach under §13-44-202(1)(c) of the Utah Code. Specifically, the bill provides that persons providing notification under §13-44-202(1)(c) of the Utah Code must include the following information in the notification, to the extent the information is known or available at the time the person provides the notification:

  • the date of the breach of system security affected;
  • the date the breach of system security was discovered;
  • the total number of people affected by the breach of system security, including the total number of Utah residents affected;
  • the type of personal information involved in the breach of system security; and
  • a short description of the breach of system security that occurred.

In addition, the bill stipulates that when governmental entities notify the Cyber Center of a data breach under §13-44-202(1)(a) of the Utah Code, the governmental entity must include in the notification:

  • the date the data breach occurred;
  • the date the data breach was discovered;
  • the total number of people affected by the data breach, including the total number of Utah residents affected;
  • the type of personal data involved in the data breach;
  • a short description of the data breach that occurred;
  • the path or means by which access was gained to the system, computer, or network if known;
  • the individual or entity who perpetrated the data breach, if known; and
  • any other details requested by the Cyber Center.

When does the bill enter into effect?

The bill enters into effect on May 1, 2024.

You can read the bill and track its progress here.

Company

Our Policies

Your Rights

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.
Feedback