July 4, 2022

Volume XII, Number 185

Advertisement
Advertisement

July 01, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

Utah Consumer Privacy Act Newest State Privacy Act Signed into Law

The newest state data privacy law, the Utah Consumer Privacy Act, was signed into law by Utah Governor Spencer J. Cox on March 24, 2022. This makes Utah the fifth state to pass its own privacy law instead of waiting for the federal government to enact a nationwide federal law.

There are other state laws that are pending in legislatures across the country, and we anticipate that others will be passed during this year’s legislative season.

Similar to the California, Nevada, Virginia and Colorado state privacy laws, the Utah Consumer Privacy Act provides consumers with the right to:

  • access and delete personal data maintained by certain businesses;

  • opt out of the collection and use of personal data for certain purposes;

  • requires some businesses to safeguard data, and provide transparency to consumers about how they collect and use data;

  • comply with a consumer’s request to exercise rights under the law;

  • provides consumers with the right to know what data a business collects, how it uses personal data and whether it sells the data;

  • requires a business to delete a consumers’ personal data or stop selling the data (with certain exceptions);

  • provides the Division of Consumer Protection jurisdiction to investigate consumer complaints regarding the processing of personal data; and

  • authorizes the Office of the Attorney General to enforce the law and impose penalties for violation.

The law includes broad definitions of personal and sensitive data, requires controllers of data to provide notice to consumers of collection of personal data and minimize the amount of data collected, and have appropriate security measures in place to protect personal data after collection.

Significantly, the Utah law pivots away from the rights provided in the California Consumer Privacy Act by not providing a private cause of action if the law is violated.

The law provides authority to the Attorney General to enforce its provisions and to seek recovery for actual damages of any consumer, and $7500 per violation of the law. Any funds received by the Attorney General for enforcement of the law will be deposited into the Consumer Privacy Account, which is designated a restricted account, so the funds can be used for enforcement actions and providing education to consumers up to $4,000,000.

The law becomes effective on December 31, 2023.

We anticipate more state privacy laws to be enacted this year, and we will update you on those laws as they are signed by Governors.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XII, Number 84
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement
Advertisement