Utah State Security Breach Laws
Published February 11, 2011
Utah Code Annotated §§ 13-44-101 to 301
Senate Bill 69
Effective Date: January 1, 2007
Definition of Personal Information: A person's first name or first initial and last name combined with any one or more of the following data elements relating to that person when either the name or data element is unencrypted or not protected by another method that renders the data unreadable or unusable:
(a) Social security number;
(b) Financial account number, or credit or debit card number; and any required security code, access code, or password that would permit access to the person's account; or
(c) Driver license number or state identification card number.
Summary: A person who owns or licenses computerized data that includes personal information concerning a Utah resident shall, when the person becomes aware of a breach of system security, conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused for identity theft or fraud purposes.
Visit the state Web site