Closing Out 2023 with Utah’s Privacy Law

Julia Kadish
Sheppard Mullin Richter & Hampton LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Sheppard Mullin Richter & Hampton LLP

This year has been active on the state “comprehensive” privacy law front. Seven states passed new laws in 2023 (Delaware, Iowa, Indiana, Tennessee, Montana, Florida, and Oregon). These states joined California, Connecticut, Colorado, and Virginia with laws already in effect. Soon, Utah will join the “active” law list when its privacy law comes into effect on December 31.

For companies complying with the laws already in effect, little additional steps need be taken for Utah. That said, with each new law going into effect, companies would be well-served to review key components of the privacy program to help ensure that existing programs and processes are reflective of the then-requirements. This includes:

  • Confirming Applicability. Each time a law goes into effect, companies should re-assess which of the US laws apply (or not) to it. These laws primarily apply based on revenue and/or volume of personal information processed – two factors that may have changed since last evaluated. Our blog post here helps summarize the thresholds and criteria for when a law may apply or not.
  • Review Notice Obligations. Best practice is to review a privacy policy at least annually, or during any new data collection activity. As part of this process, it would also help to double-check that the current privacy policy checks the boxes of the state content requirements (as we summarize here).
  • Choice and Rights. Like a privacy policy, the process for handling individual rights may also require some elements of continual evaluation and improvement. Assessing how current practices are mapping to the statutory requirements may shed light on the need for additional updates or modifications.
  • Vendor Contracts. By now, many are familiar with updating standard privacy and cybersecurity contractual terms due to changing legal requirements. As part of overall house-keeping companies should verify that its templates similarly adhere to state requirements.

Putting it into Practice. Even if your organization is not subject to Utah’s privacy law, now is a good time to access how compliance with state privacy laws is going. And, while Utah’s law was generally viewed as more “business friendly” when passed, Utah is signaling itself to be a state with more interest in matters involving privacy and cyber, which may impact the enforcement level of this law. For example, Utah created a “Cyber Center” and enacted a law aimed and social media and minors.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sheppard Mullin Richter & Hampton LLP | Attorney Advertising

Written by:

Sheppard Mullin Richter & Hampton LLP
Sheppard Mullin Richter & Hampton LLP
Contact
more
less

Sheppard Mullin Richter & Hampton LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide