Stay informed Utah’s new breach rules are now in effect

May 18, 2024
1 min read


TLDR:

  • Utah’s cybersecurity and data breach notification law was amended on May 1, 2024.
  • The amendments include changes to the definition of personal data, data breach, and reporting requirements.

In a legal analysis by Dorothy Parson McDermott of Jackson Lewis P.C., it was outlined that the amendments to Utah’s cybersecurity and data breach notification law went into effect on May 1, 2024. The key elements of the amendments include:

Utah’s cybersecurity and data breach notification law requires organizations to prevent the unlawful use or disclosure of personal information collected by the organization. If a breach occurs, the organization must investigate and notify affected individuals.

The recent amendments have revised the definition of “personal data” to include information that is linked or can be reasonably linked to an identified individual. The amendments also define “data breach” and require reporting entities to provide specific information in breach notifications, including details on the breach and the number of individuals impacted.

Furthermore, governmental entities in Utah have additional reporting requirements when they discover a data breach, such as providing details on the means of access and the individual or entity responsible for the breach, if known.

Overall, these amendments aim to strengthen cybersecurity measures and enhance data breach notification processes in Utah to better protect personal information and mitigate the impact of security incidents.


Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and