Schedule a demo
See how you can maintain an inventory of UCPA-regulated data and provide regulators proof of 24/7 data monitoring, fulfillment of right-to-be-forgotten requests at endpoints, and policy enforcement.
Provide evidence to auditors of steps taken to secure the confidentiality of customer information collected and protect it against threats and unauthorized access.
The Utah Consumer Privacy Act is a state privacy law in the U.S. state of Utah that went into effect on May 1, 2021. The UCPA provides new rights to Utah residents with respect to the collection, use, and disclosure of their personal information by businesses. The UCPA is intended to give Utah residents more control over their personal information and to increase transparency and accountability for businesses that handle this information.
UCPA applies to businesses that operate in Utah or that collect, use, or disclose the personal information of Utah residents, regardless of the business’s location. This means that the UCPA could potentially apply to any business that has customers or users in Utah and that handles their personal information.
The UCPA applies to businesses of all sizes and types, including both for-profit and non-profit organizations. It does not apply to federal agencies or to companies that are subject to the federal Health Insurance Portability and Accountability Act (HIPAA).
UCPA applies to personal information that is collected, used, or disclosed by businesses. Personal information is defined broadly under the UCPA as any information that is linked or reasonably linkable to an individual consumer. This includes a wide range of data types, including the following:
Under UCPA, businesses that collect, use, or disclose the personal information of Utah residents are required to comply with certain provisions in order to protect the privacy of consumers. These compliance requirements include the following:
Overall, the UCPA is designed to give Utah residents more control over their personal information and to increase transparency and accountability for businesses that handle this information.
UCPA provides for enforcement by the Utah Attorney General and allows for both civil and criminal penalties for violations of the law.
Under the UCPA, the Utah Attorney General has the authority to investigate and bring enforcement actions against businesses that violate the law. The Attorney General may seek civil penalties of up to $2,500 per violation, or up to $7,500 per violation if the violation was intentional or involved sensitive personal information.
In addition to civil penalties, the UCPA also provides for criminal penalties for certain violations. For example, it is a class A misdemeanor, punishable by up to one year in jail and a fine of up to $2,500, to intentionally or recklessly obtain, use, or disclose personal information without the consumer’s affirmative consent.
In addition to enforcement by the Utah Attorney General, the UCPA also allows for private rights of action, meaning that individuals can bring lawsuits against businesses that violate the law. In such cases, individuals may be able to recover damages, attorneys’ fees, and other costs associated with the lawsuit.