Utah Enacts Amendments to State Breach Notification Law
Time 2 Minute Read
Categories: Security Breach, U.S. State Law

On March 19, 2024, Utah’s Governor Spencer J. Cox signed Senate Bill (SB) 98 (the “Bill”), Online Data Security and Privacy Amendments, into law. The Bill amends the Protection of Personal Information Act (§13-44-101 et seq) and the Utah Technology Governance Act in the Utah Government Operations Code (§63A-16-1101 et seq). The Utah Technology Governance Act had previously established the Utah Cyber Center, a state initiative to coordinate efforts between local, state and federal resources by sharing threat intelligence and best practices.

In the Protection of Personal Information Act, SB 98 amends the Act to note that documents submitted to the Attorney General or Cyber Center may be deemed confidential and classified as a protected record if certain circumstances are met. SB 98 also amends §13-44-101 to include requirements reporting entities must include in the event that notification to the Utah Cyber Center or the Attorney General is required. Effective May 1, 2024, reporting entities must include the following information: the date the breach of system security occurred; the date the breach of system security was discovered; the total number of people affected by the breach of system security, including the total number of Utah residents affected; the type of personal information involved in the breach of system security; and a short description of the breach of system security that occurred.

SB 98 changes §63A-16-1101 by establishing that the definition of a “data breach” for the purposes of reporting to the Utah Cyber Center under §63A-16-1101 to be the unauthorized access, acquisition, disclosure, loss of access, or destruction of (1) personal data affecting 500 or more individuals or (2) data that comprises the security, confidentiality, availability or integrity of the computer systems used or information maintained by a governmental entity. The current language under §63A-16-1101 does not include a definition of a “data breach” for purposes of notifying the Utah Cyber Center.

The Bill also sets notification obligations for governmental entities when notifying the Utah Cyber Center.

SB 98 is effective May 1, 2024.

Tags: Legislation, Personal Data, State Attorneys General, Utah
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators

As reported on the Hunton Employment & Labor Perspectives blog, SB 574 is a California bill that would set specific duties for attorneys who use generative artificial intelligence and would restrict how arbitrators may use such tools in decision-making.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators
Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators
By and

SB 574 is a California bill that would set specific duties for attorneys who use generative artificial intelligence and would restrict how arbitrators may use such tools in decision-making. It would amend provisions in the Business and Professions Code and the Code of Civil Procedure to address confidentiality, accuracy, bias, and citation verification for attorneys, and to prohibit delegation of arbitral decision-making to AI while adding disclosure and responsibility requirements for arbitrators.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
New York Proposes Nation-Leading Buy Now, Pay Later Regulations
By and

On Feb. 23, 2026, New York Governor Kathy Hochul announced that the New York Department of Financial Services (“NYDFS”) had published proposed rules implementing the state’s Buy Now, Pay Later (“BNPL”) law.  The proposal would establish the nation’s first comprehensive regulatory framework for the rapidly growing pay-over-time consumer market niche. 

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page