Policymakers move forward with new data privacy legislation
Utah state senators have passed a new consumer privacy bill governing how citizens’ data is processed and held.
The law, Senate Bill (SB) 227, sets guidelines regarding the right of access and deletion of consumers’ data and how to exercise those rights.
Amendments to SB 227 also stipulate that information regarding an individual’s medical history, mental or physical health condition, or medical treatment or diagnosis by a healthcare professional is considered sensitive data.
The bill applies to all organizations who conduct business in Utah or produce products or services targeted to Utah residents, has an annual revenue of $25 million or more, and satisfies one or more certain enumerated thresholds.
These thresholds include controlling or processing the personal data of 100,000 or more consumers.
The law does not apply to government agencies, business entities that are already subject to the Health Insurance Portability and Accountability Act (HIPAA), and any data that is already subject to the Federal Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), or the federal Drivers Privacy Protection Act (DPPA).
The bill has already been passed in the Senate and the House. The next step will see the bill passed to the governor for action.
More information about the Utah Consumer Privacy Act can be found on the official state website.