It is the policy of Utah that:
- (1) an individual has a fundamental interest in and inherent expectation of privacy regarding the individual's personal data that the individual provides to a governmental entity;
- (2) a governmental entity shall process personal data in a manner that is consistent with the interests and expectations described in Subsection (1);
(3) the state shall encourage innovation to enhance the ability of a governmental entity to:
- (a) protect the privacy of an individual's personal data;
- (b) provide clear notice to an individual regarding the governmental entity's processing of the individual's personal data;
- (c) process personal data only for specified, lawful purposes and only process the minimum amount of an individual's personal data necessary to achieve those purposes;
- (d) implement appropriate consent mechanisms regarding the uses of an individual's personal data;
- (e) provide an individual with the ability to access, control, and request corrections to the individual's personal data held by a governmental entity;
- (f) maintain appropriate safeguards to protect the confidentiality, integrity, and availability of personal data;
- (g) account for compliance with privacy related laws, rules, and regulations that are specific to a particular governmental entity, program, or personal data; and
- (h) meet a governmental entity's and an individual's business and service needs;
(4) the state shall promote training and education programs for employees of governmental entities focused on:
- (a) data privacy best practices, obligations, and responsibilities; and
- (b) the overlapping relationship with privacy, records management, and security; and
- (5) the state shall promote consistent terminology in data privacy requirements across governmental entities.
Amended by Chapter 475, 2025 General Session