Policymakers move forward with new data privacy legislation

Image: Millenius / Shutterstock

Utah state senators have passed a new consumer privacy bill governing how citizens’ data is processed and held.

The law, Senate Bill (SB) 227, sets guidelines regarding the right of access and deletion of consumers’ data and how to exercise those rights.

Amendments to SB 227 also stipulate that information regarding an individual’s medical history, mental or physical health condition, or medical treatment or diagnosis by a healthcare professional is considered sensitive data.


The bill applies to all organizations who conduct business in Utah or produce products or services targeted to Utah residents, has an annual revenue of $25 million or more, and satisfies one or more certain enumerated thresholds.

These thresholds include controlling or processing the personal data of 100,000 or more consumers.

The law does not apply to government agencies, business entities that are already subject to the Health Insurance Portability and Accountability Act (HIPAA), and any data that is already subject to the Federal Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), or the federal Drivers Privacy Protection Act (DPPA).

Read more of the latest news about policy and legislation

The bill has already been passed in the Senate and the House. The next step will see the bill passed to the governor for action.

More information about the Utah Consumer Privacy Act can be found on the official state website.

YOU MIGHT ALSO LIKE Equifax data breach: Consumers unlikely to benefit financially from final settlement