McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Business HomeProducts & SolutionsData ProtectionUS & Global Data Protection LawsSecurity Breach Notification Laws

Utah

Protection of Personal Information Act
CITATION Utah Code §§ 13-44-101, -102, -201, -202, -310
ENACTED 2008
SUMMARY The law requires any person who conducts business in Utah and maintains personal information to implement and maintain reasonable procedures to protect the personal information and/or to properly destroy it. If a breach occurs, there is an obligation to conduct a good faith investigation and provide notice to individuals whose Personal Information is involved.
DATA COVERED

The law covers ‘Personal information’ which means a person's first name or first initial and last name, combined with any one or more of the following data elements relating to that person when either the name or date element is unencrypted or not protected by another method that renders the data unreadable or unusable:

  1. Social Security number;
  2. Financial account number, or credit or debit card number; and
  3. Any required security code, access code, or password that would permit access to the person's account; or
    Driver’s license number or state identification card number.
INDUSTRY Any person that conducts business in Utah and maintains Personal Information.
PENALTIES The law provides for a private right of action and authorizes the Attorney General to enforce the law. A violation can result in a civil fine ranging from two thousand five hundred dollars ($2,500) for a violation or series of violations concerning a specific consumer to no more than one hundred thousand dollars ($100,000) in the aggregate for related violations concerning more than one consumer. The law also requires the violator to pay the Attorney General’s expenses in inspecting the defendant’s records.
United States - English