TLDR:
- Utah’s cybersecurity and data breach notification law was amended on May 1, 2024.
- The amendments include changes to the definition of personal data, data breach, and reporting requirements.
In a legal analysis by Dorothy Parson McDermott of Jackson Lewis P.C., it was outlined that the amendments to Utah’s cybersecurity and data breach notification law went into effect on May 1, 2024. The key elements of the amendments include:
Utah’s cybersecurity and data breach notification law requires organizations to prevent the unlawful use or disclosure of personal information collected by the organization. If a breach occurs, the organization must investigate and notify affected individuals.
The recent amendments have revised the definition of “personal data” to include information that is linked or can be reasonably linked to an identified individual. The amendments also define “data breach” and require reporting entities to provide specific information in breach notifications, including details on the breach and the number of individuals impacted.
Furthermore, governmental entities in Utah have additional reporting requirements when they discover a data breach, such as providing details on the means of access and the individual or entity responsible for the breach, if known.
Overall, these amendments aim to strengthen cybersecurity measures and enhance data breach notification processes in Utah to better protect personal information and mitigate the impact of security incidents.