DATA RISK INTELLIGENCE    |    GDPR       |    WHITEPAPERS

Contact us Today!


The Utah Consumer Privacy Act

The Utah Consumer Privacy Act

The Utah Consumer Privacy Act (UCPA) has nearly been passed.  It was passed in the Utah Senate on February 25. The Utah House made some minor changes to the bill (SB 227) and passed the law on March 2.  The Senate then approved the changes from the House and sent the bill to the governor to be signed into law.

The law would probably not go into effect until December 31, 2023.  At which point it would join the California Consumer Privacy Act (CCPA) [currently in effect] and the Virginia Consumer Data Protection Act (VCDPA) [effective January 1, 2023] and the Colorado Privacy Act (CPA) [effective July 1, 2023] as the comprehensive data privacy laws in the United States.

If passed, the law would provide consumers with rights of access, deletion, and opt-out.  It would require controllers and processors to properly protect consumer personal data.

Controllers would have to be transparent about how they use consumer personal data.  If a consumer made an access, deletion, or opt-out request, the controller would have to comply with the request.

If a consumer believes that a controller or processor has violated the law, they can submit a complaint to the Division of Consumer Protection.  The division would then investigate the complaint.  If the director of the Division of Consumer Protection has reasonable cause to believe that a controller or processor identified in a consumer complaint is in violation of the law, he refers it to the Attorney General’s Office.

The Attorney General needs to provide the controller or processor with a 30-day cure period.  That would consist of sending the controller or processor written notice identifying each provision of the law that the offender is purported to have violated.  Along with identifying each provision, the Attorney General should provide an explanation of the basis for each allegation.  After that point, the Attorney General’s Office could bring an enforcement action against offending controllers and processors and if necessary impose penalties.  However, if the controller or processor cures the noticed violations with 30 days of notice from the attorney general, and notifies the attorney general in writing that they have cured the violation and they will not continue the violation, then the Attorney General will not initiate an action against them.

As more laws are passed, it becomes more and more important to have data privacy solutions at your company’s disposal.  Clarip can help.  Clarip provides solutions for the compliance requirements of the CCPA, the GDPR, the LGPD, and is ready for the VCDPA, the CPA, and the UCPA (should it be signed into law).  We offer automated data subject request fulfillment, automated data mapping, website scanning, vendor management, consent management and much more.  Visit us at www.clarip.com or call us at 1-888-252-5653 to learn more.

Email Now:

Mike Mango, VP of Sales
mmango@clarip.com

CONTACT

  • 1521, Concord Pike, Suite #301,
    Wilmington, DE 19803 USA
  • 20 Montchanin Road, Suite 20,
    Greenville, DE 19807 USA
  • Contact Online

    •   888-252-5653