(1) A governmental entity's government website shall include notice to a user of:
- (a) the identity of the governmental entity responsible for the government website;
- (b) how to contact the governmental entity that is responsible for the government website;
(c) the method by which a user may:
- (i) seek access to the user's personal data or user data;
- (ii) request to correct or amend the user's personal data or user data; and
- (iii) file a complaint with the data privacy ombudsperson; and
- (d) how an at-risk employee may request that the at-risk employee's personal information be classified as a private record under Section 63G-2-302.
(2) In addition to the website privacy notice requirement described in Subsection (1)(a), a government website that collects user data shall include in the website privacy notice the following information:
- (a) any website tracking technology that is used to collect user data on the government website;
- (b) what user data is collected by the government website;
- (c) all intended purposes and uses of the user data;
(d) the classes of persons and governmental entities:
- (i) with whom the governmental entity shares user data; or
- (ii) to whom the governmental entity sells user data; and
- (e) the record series in which the user data is included.
(3) A notice described in Subsection (1) or (2) shall be provided by prominently posting on the homepage of the government website:
- (a) the notice; or
- (b) a link to a separate webpage containing the notice.
- (4) A governmental entity may not collect user data on a government website unless the governmental entity has complied with the requirements in this section.
Enacted by Chapter 475, 2025 General Session