Estimated reading time: 2 minutes, 36 seconds

Utah Becomes Latest State to Pass Data Privacy Law Featured

Utah Becomes Latest State to Pass Data Privacy Law Jason Dent

Utah has become the latest state to pass a data privacy law. Taking effect on December 31, 2023 - the Utah Consumer Privacy Act (UCPA) will apply to organizations with annual revenue of $25M or more that conduct business in Utah or produce products or services targeted at Utah residents and process large volumes of personal data.

Under the UCPA, consumers have the right to access and delete their personal data. They can also choose to opt out of the sale of their personal data and/or targeted advertising that leave many consumers feeling vulnerable.

Utah joins California, Colorado, and Virginia as the only states that have outlined distinct data privacy laws. Data privacy has been a hot button issue as data breaches and phishing attacks against an organization can leave consumers’ private information vulnerable. Despite various attempts, there is currently no federal law as congress has failed to come up with a consensus similar to the EU’s General Data Protection Regulation (GDPR) established in 2018. Because of this – many states have taken it upon themselves to pass data privacy legislation with California leading the way- passing the California Consumer Privacy Act (CCPA) in 2018.

When measured up against the three other state legislation around data privacy – UCPA appears to me more lenient towards businesses that break the law – while the other states’ laws appear to be stricter towards businesses and how they collect, share, and manage personal data.  For instance, under the UCPA – it does not require companies to correct data at a customer’s request – only delete it. And unlike the other state laws – companies under the new Utah law are not required to undergo a data protection assessment that lists the ways they plan on keeping a customer’s data safe which some critics may say do not allow for full transparency. 

When it comes to enforcement – businesses will be at the mercy of Utah’s attorney general who has sole discretion over fines and punishments for those organization found in contempt of the law . According to the law – the enforcement process will be rigorous – giving an organization a 30-day period to fix the violation. If the violation is not fixed within the 30-day window a company can face up to $7,500 per violation.

In an interview with Infosecurity – Reece Hirsh, partner and co-head of the Morgan Lewis’ Privacy & Cybersecurity practice said;  "The UCPA takes a somewhat more measured, business-friendly approach to consumer privacy regulation when compared with other recent state laws. Companies should be able to integrate compliance with the Utah law into their existing privacy compliance strategies for 2023 without major disruption."

Republican State Senator Kirk Cullimore who sponsored the law explained that it “guarantees rights to consumers while avoiding unnecessary regulation for corporations.” He adds that - “This bill is a win for both Utahns and businesses, and I hope it will serve as a model for other states.”

According to the US State Privacy Legislation Tracker – there are currently 17 active bills going through the legislative process today. Of those 17, three states - Oklahoma, Iowa, and Maryland have bills currently presiding in cross-committee.

Read 872 times
Rate this item
(0 votes)
Danielle Loughnane

Danielle Loughnane earned her B.F.A. in Creative Writing from Emerson College and has been working in the marketing and data science field since 2015. 

https://danielleloughnane.com/

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.