May 10, 2021

Volume XI, Number 130

Advertisement

May 10, 2021

Subscribe to Latest Legal News and Analysis

May 07, 2021

Subscribe to Latest Legal News and Analysis

New Utah Privacy Law Expands Warrant Requirement for Individuals’ Data Held by Electronic Communications Service Providers

On March 27, 2019, Utah Governor Gary Herbert signed HB 57, a bill designed to increase privacy protections by requiring law enforcement to obtain a search warrant before being able to access a person’s data held by electronic communication or remote computing service providers, including location information.

The bill, called the “Electronic Information or Data Privacy Act,” was introduced by Representative Craig Hall (R-Utah), who stated that the goal of the bill “is to provide the same protections we have in the physical world and apply those to the electronic world.”

Just last year, in Carpenter v United States, 138 S.Ct. 2206 (2018), the Supreme Court declared a Fourth Amendment privacy right for cell phone location data. The Court revised its long-held “reasonable expectation of privacy” test and ruled that law enforcement obtaining cell site location information records from a person’s cell phone service provider constitutes a search under the Fourth Amendment and requires a warrant.

Even when such ruling expanded the privacy protection to information shared with a third party, it was a narrow decision referring only to location data in possession of wireless providers. Chief Justice Roberts recognized this and admitted that further expansion of these protections would be better achieved through state legislatures that could develop an “entirely new body of Fourth Amendment case law.”

Following the Chief Justice’s hint, Utah enacted the “Electronic Information or Data Privacy Act” that protects electronic data held by a third party from warrantless access by law enforcement. Specifically, subject to a few exceptions, the law imposes a warrant requirement for law enforcement to obtain (i) location information, stored data, or transmitted data of an electronic device, or (ii) electronic information or data transmitted by the owner thereof to a remote computing service provider. As used here, the term “electronic information or data” means “information or data including a sign, signal, writing, image, sound, or intelligence of any nature transmitted or stored in whole or in part by a wire, radio, electromagnetic, photoelectronic, or photooptical system.”

Notably, this law expressly carves out an exception for “subscriber records,” defined as “a record or information of a provider of an electronic communication service or remote computing service that reveals the subscriber's or customer's: (a) name; (b) address; (c) local and long distance telephone connection record, or record of session time and duration; (d) length of service, including the start date; (e) type of service used; (f) telephone number, instrument number, or other subscriber or customer number or identification, including a temporarily assigned network address; and (g) means and source of payment for the service, including a credit card or bank account number.” By exempting such subscriber records from the warrant requirement, the Utah law tracks the familiar set of non-content records that can be obtained through a 2703(c)(2) subpoena under the federal Stored Communications Act (SCA), 18 U.S.C. §§ 2701 et seq.

Finally, the new Utah law requires that law enforcement agencies notify the owner of electronic information or data in question, or of the electronic device, once they have executed a search warrant to access that information. This must be completed within 14 days after law enforcement obtains the information pursuant to the warrant. Later, law enforcement must destroy the information in an unrecoverable manner as soon as reasonably possible after it was collected.

 Utah’s new law will no doubt impact how electronic communications and remote computer service providers handle law enforcement requests for electronic evidence – especially as other states follow Utah’s lead – and could well lead to litigation over how such state law requirements operate alongside the federal SCA. In this evolving legal landscape, providers of telecommunications, digital messaging, and other electronic communications or remote computing services should reexamine how they handle law enforcement requests for electronic evidence. Providers facing an uptick in electronic evidence requests may also want to consider sharing specific guidelines through the ISP List used by law enforcement agencies for sending requests.

Advertisement
Copyright © 2021 Womble Bond Dickinson (US) LLP All Rights Reserved.National Law Review, Volume IX, Number 102
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Allen O'Rourke, Womble Carlyle, Cybercrime Prosecution Lawyer, Breach Investigations Attorney

Drawing upon years of experience prosecuting cybercrime, Allen comes to the aid of clients affected by data breaches and cyber-attacks. He works with clients’ legal and information security teams to investigate cybersecurity incidents, coordinate the remediation of any breach, interface with law enforcement as appropriate, and ensure compliance with applicable data breach laws and regulations. In addition to incident response, Allen defends clients facing government investigations, regulatory enforcement actions, consumer class actions, and other litigation arising from...

704-350-6357
Ernesto Mendieta Telecom Attorney
Associate

Ernesto Mendieta is an experienced bilingual attorney with a history of helping international clients resolve complex matters.  

Ernesto began his career in Mexico as an associate at one of the world’s largest law firms, before specializing in telecommunications law at Mexico’s preeminent telecommunication boutique firm. In that capacity, Ernesto worked with competitive carriers entering the Mexican telecommunications market on all aspects of regulatory compliance and corporate formation. He helped several U.S. companies start operations in Mexico as ISPs, MVNOs, resellers and e-...

202-857-4432
Advertisement
Advertisement