July 25, 2021

Volume XI, Number 206


July 23, 2021

Subscribe to Latest Legal News and Analysis

Utah Privacy Law Would Be First to Require Search Warrant for Government to Access Stored Data

Utah Governor Gary Herbert is expected to sign a new privacy law in the coming weeks that will make his state the first to protect private electronic data stored with third-party providers from government access without a warrant.

Under the legislation passed unanimously by the Utah Legislature earlier this month, law enforcement agencies need a warrant to obtain information about an individual from wireless communications providers, email platforms, search engine providers, or social media companies.

While much of the focus over the past two years has been on laws to protect consumer privacy rights, protecting private information from disclosure to law enforcement has also generated attention. Traditionally, the general rule followed, on both the federal and state levels, has been that law enforcement agencies can access information through third-party providers because individuals have no reasonable expectation of privacy when they share their personal information with third parties.

The U.S. Supreme Court curbed that traditional rule in last year’s 5-4 opinion in Carpenter v. United States, in which the majority held that the government’s search of personal cell phone location information held by a wireless communications provider constitutes a Fourth Amendment search, and therefore requires a warrant. However, the opinion did not extend beyond location information, and the dissenting justices urged that legislation was needed to govern this body of law in a new age of technology.

Utah’s new law addresses the issue head-on by specifically providing that “a law enforcement agency may not obtain, without a search warrant issued by a court upon probable cause,” the location information from an electronic device or “electronic information or data transmitted by the owner of the electronic information or data to a remote computing service provider.” “Electronic information or data” is defined broadly to include “a sign, signal, writing, image, sound, or intelligence of any nature transmitted or stored in whole or in part by a wire, radio, electromagnetic, photoelectronic, or photooptical system.” In other words, law enforcement agencies cannot obtain information about an individual from third-party service providers without obtaining a warrant. Notably, there are specific exceptions, such as when the third-party provider believes an emergency exists with risk of death, serious physical injury, or sexual abuse.

Assuming Gov. Herbert signs the bill, Utah likely will not be the last state to venture into this area of law. Companies should therefore keep in mind that on top of the growing patchwork of consumer privacy laws and regulations, they may face new laws and regulations that change longstanding practices in how they respond to requests from governmental agencies.

Copyright © by Ballard Spahr LLPNational Law Review, Volume IX, Number 87

About this Author

Philip Yannella, Ballard Spahr Law Firm, Philadelphia, Data Security Attorney

As Co-Practice Leader of Ballard’s Privacy and Data Security Group, and Practice Leader of the firm’s E-Discovery and Data Management Group, Philip N. Yannella provides clients with 360-degree advice on the transfer, storage, and use of digital information.

Mr. Yannella regularly advises clients on the Stored Communications Act (SCA), Computer Fraud and Abuse Act (CFAA), EU-US Privacy Shield, General Data Protection Regulation (GDPR), Defense of Trade Secrets Act, PCI-DSS, Telephone Consumer Protection Act (TCPA), New York Department of...

Gregory Szewczyk, Ballard Spahr Law Firm, Denver, Privacy and Litigation Attorney

Greg Szewczyk is a litigator with experience serving as a member of several trial and arbitration teams. His responsibilities include examining witnesses at trial; drafting opening and closing presentations; drafting dispositive, discovery and pretrial motions, as well as appellate briefs; taking and defending depositions; arguing evidentiary and procedural issues; preparing witnesses for testimony; and drafting scripts for direct and cross-examinations. He is also a member of the Denver office’s cybersecurity practice group.

Anthony Kaye, Ballard Spahr Law Firm, New York, Business Litigation Attorney

Anthony C. Kaye focuses on business litigation and complex civil litigation at both the trial and appellate levels in federal and state courts throughout the United States. Mr. Kaye has defended high-stakes, complex matters in a wide variety of areas, including consumer financial and mortgage banking services, intellectual property, business governance disputes, communications, product liability and mass torts, and real estate and construction.

Marjoree Peerce Litigator  Criminal Defense Ballard Law FIrm

Marjorie J. Peerce is a litigator, with a practice focus on white collar criminal defense, regulatory matters, and complex civil litigation. In her more than 30 years of practice, she has handled matters across the criminal and regulatory spectrum. She is Co-Managing Partner of the firm's New York Office.

Ms. Peerce appears in New York state and federal courts, as well as in federal districts around the country. She has handled criminal and regulatory investigations concerning, for example, violations of the Internal Revenue Code, securities...