Utah Consumer Privacy Act Termageddon

Utah Consumer Privacy Act: why you need a Privacy Policy page

by | Denver, Education, Privacy

On March 25, 2022 Utah became the sixth state to enact a comprehensive privacy law, the Utah Consumer Privacy Act. This law provides new consumer privacy rights to residents of Utah and imposes various privacy obligations upon certain businesses, such as the requirement to have a comprehensive Privacy Policy. This law goes into effect on December 31, 2023 and businesses that need to comply with this law should start preparations now to ensure that they are ready before the effective date.

In this compliance guide, we will discuss the following things that you need to know about this new law:

  • Who needs to comply with the Utah Consumer Privacy Act;
  • How the law defines personal data;
  • The privacy rights provided by this law;
  • The Privacy Policy requirements of the Utah Consumer Privacy Act; and
  • Penalties for failure to comply.

Who needs to comply with the Utah Consumer Privacy Act

Privacy laws are created to protect individuals and not businesses and thus can have a very broad application, applying to businesses located outside of the state or country in which the laws were enacted. The Utah Consumer Privacy Act is no exception as it applies to anyone collecting the personal data of Utah residents that does business in Utah or that produce a product or service that is targeted to consumers that are located in Utah and that meet one or more of the following criteria:

  • Has annual revenue of $25,000,000 or more; and
  • Meets one of the following thresholds:
    • During a calendar year, controls or processes the personal data of 100,000 or more Utah residents; or
    • Derives 50% or more of its annual gross revenue from the sale of personal data and controls or processes the personal data of 25,000 or more Utah consumers.

It is important to note that the Utah Consumer Privacy Act exempts nonprofits, meaning that only for-profit businesses will need to comply with this law.

How does the Utah Consumer Privacy Act define personal data?

Since the Utah Consumer Privacy Act applies only to businesses that collect personal data, it is important to define what personal data means under this law. The law defines “personal data” as any information that is linked or reasonably linkable to an identified individual or an identifiable individual. This means that the information commonly collected by business websites such as names, emails, phone numbers, IP addresses or physical addresses would all be considered personal data under this law. If your website collects personal data as defined by this law and meets the criteria above, you will need to comply with this new privacy law.

The privacy rights provided by this new law

The purpose of the Utah Consumer Privacy Act is to protect the privacy of residents of Utah. The law achieves this purpose by providing the following privacy rights to individuals residing in Utah:

  • The right to confirm whether a controller is processing the consumer’s personal data;
  • The right to access the personal data that a controller holds about an individual;
  • The right to delete the personal data;
  • The right to obtain a copy of the personal data in a format that is portable, readily usable, and allows the consumer to transmit the data to another controller without impediment (where technically feasible);
  • The right to opt out of the processing of personal data for the purpose of targeted advertising;
  • The right to opt out of the sale of their personal data.

Upon receipt of a consumer request to exercise their privacy rights, the business must respond to the consumer within 45 days, though this period can be extended by an additional 45 days if needed.

Privacy Policy requirements of the Utah Consumer Privacy Act

If this law applies to you, you will be required to post a Privacy Policy that includes the following disclosures:

  • The categories of personal data that you process;
  • The purposes for which you process that personal data;
  • How consumers can exercise their privacy rights;
  • The categories of personal data that you share with third parties, if any;
  • The categories of third parties, if any, with whom you share personal data;
  • If you sell personal data or engage in targeted advertising, the manner in which consumers may opt out of such use or sales.

If the Utah Consumer Privacy Act applies to you, consider using Termageddon’s Privacy Policy generator, which will automatically update your Privacy Policy with newly required disclosures under this law.

Penalties for failure to comply

The Utah Consumer Privacy Act will go into effect on December 31, 2023 and will be enforced by the Utah Attorney General. Like other privacy laws, this law imposes heavy penalties for non-compliance, up to $7,500 per violation. In this case, per violation means per website visitor whose privacy rights you infringed upon, meaning that the penalties can compound to a hefty fine.

Termageddon is currently tracking this new privacy law and will track any developments, including amendments to the law and Attorney General guidelines as to how to comply with this law. Prior to the law taking effect, if you have a Termageddon account, your policies will be updated with the newly required disclosures under this law if the law applies to you. If you do not currently have a Privacy Policy or do not have a strategy to keep it up to date with changes such as this one, make sure to check out Termageddon’s Privacy Policy generator.


If you have questions or need assistance setting up your page, reach out! You can also check out part one of our series on privacy policies here.

sam-email

Samantha

Samantha is the founder and creative director for Shanty Town Design. She spends much of her day discussing clients' brand and web strategies, directing and creating with team members to achieve design goals, and brainstorming business opportunities. She enjoys gardening, astrology, traveling, exploring everything strange & unusual, and spending time with her small pack of dogs.

Blog Archives

 

WP Engine logo

St Websitewellnesspopup V2

Sign Up for Our Newsletter

Subscribe and get our Website Wellness Checklist for FREE.

This field is for validation purposes and should be left unchanged.

Shanty Town Design uses Accessibility Checker to monitor our website's accessibility.