Hunton Andrews Kurth writes:
On March 19, 2024, Utah’s Governor Spencer J. Cox signed Senate Bill (SB) 98 (the “Bill”), Online Data Security and Privacy Amendments, into law. The Bill amends the Protection of Personal Information Act (§13-44-101 et seq) and the Utah Technology Governance Act in the Utah Government Operations Code (§63A-16-1101 et seq). The Utah Technology Governance Act had previously established the Utah Cyber Center, a state initiative to coordinate efforts between local, state and federal resources by sharing threat intelligence and best practices.
In the Protection of Personal Information Act, SB 98 amends the Act to note that documents submitted to the Attorney General or Cyber Center may be deemed confidential and classified as a protected record if certain circumstances are met. SB 98 also amends §13-44-101 to include requirements reporting entities must include in the event that notification to the Utah Cyber Center or the Attorney General is required. Effective May 1, 2024, reporting entities must include the following information: the date the breach of system security occurred; the date the breach of system security was discovered; the total number of people affected by the breach of system security, including the total number of Utah residents affected; the type of personal information involved in the breach of system security; and a short description of the breach of system security that occurred.
Read more at Privacy & Information Security Law Blog.