Utah State Security Breach Laws 

Effective Date: January 1, 2007

Definition of Personal Information: A person's first name or first initial and last name combined with any one or more of the following data elements relating to that person when either the name or data element is unencrypted or not protected by another method that renders the data unreadable or unusable:

(a) Social security number;
(b) Financial account number, or credit or debit card number; and any required security code, access code, or password that would permit access to the person's account; or
(c) Driver license number or state identification card number.

Summary: A person who owns or licenses computerized data that includes personal     information concerning a Utah resident shall, when the person becomes aware of a breach of  system security, conduct in good faith a reasonable and prompt investigation to determine the  likelihood that personal information has been or will be misused for identity theft or fraud purposes.