Ask Reggi Your Question Now
Can you summarize UTCO 13-44-202?
Protection of Personal Information > Personal information -- Disclosure of system security breach. (Effective 5/3/2023)
Short Summary
This legal document, part of the Protection of Personal Information Act in the Utah Code, requires persons who own or license computerized data containing personal information of Utah residents to conduct a reasonable and prompt investigation when they become aware of a breach of system security. If the investigation reveals that personal information has been or is likely to be misused for identity theft or fraud, the person must provide notification to each affected Utah resident. Additional notification is required if the breach affects 500 or more Utah residents, including notification to the Office of the Attorney General and the Utah Cyber Center. If the breach affects 1,000 or more Utah residents, notification to consumer reporting agencies is also required. The document also outlines the timing requirements for providing notification, cooperation between data owners and maintainers, and the ability to delay notification at the request of law enforcement. Various methods of notification are allowed, including written, electronic, telephone, and publishing notice in a newspaper. The document also provides provisions for compliance with other information security policies or applicable laws, confidentiality of information provided to the Office of the Attorney General or the Utah Cyber Center, and the prohibition of waivers. The document was amended by Chapter 496 of the 2023 General Session.
Whom does it apply to?
Persons who own or license computerized data that includes personal information concerning a Utah resident, and persons who maintain computerized data that includes personal information that they do not own or license
What does it govern?
Disclosure of system security breach
What are exemptions?
No exemptions are mentioned.
What are the Penalties?
Not specified.
Jurisdiction
Utah