Utah Consumer Privacy Act (UCPA)
View Law TextMaximum Fine
$7,500 per violation
Scope
State
Regulator
DCP
Status
Active
Need Help with Utah Consumer Privacy Act (UCPA) Compliance?
Get expert guidance on implementing UCPA requirements and ensuring ongoing compliance for your organization.
Get Expert HelpOverview
The Utah Consumer Privacy Act establishes privacy rights for Utah residents and obligations for businesses processing personal data.
Key Facts
- Effective December 31, 2023
- Enforced by Division of Consumer Protection
- Includes consumer rights and business obligations
- Provides 30-day cure period
- Focus on reasonable security measures
Key Principles
Consumer Rights
Rights granted to Utah residents under UCPA.
Requirements
- Right to access
- Right to delete
- Right to data portability
- Right to opt-out of targeted advertising
- Right to opt-out of sales
Examples
- Access request procedures
- Deletion mechanisms
- Data portability formats
- Opt-out systems
- Request handling
Transparency
Disclosure requirements for controllers.
Requirements
- Privacy notice requirements
- Processing disclosures
- Rights information
- Sharing practices
- Security measures
Examples
- Privacy policies
- Notice updates
- Rights notifications
- Security documentation
Security Requirements
Data security and protection requirements.
Requirements
- Reasonable security
- Employee training
- Vendor management
- Incident response
- Regular assessments
Examples
- Security policies
- Training programs
- Vendor contracts
- Incident plans
Compliance Requirements
Privacy Notice Requirements
Required disclosures in privacy notices.
Implementation Steps
- Identify required disclosures
- Draft clear notices
- Include rights information
- Document sharing practices
- Regular updates
Required Documentation
- Privacy policies
- Notice templates
- Update procedures
- Review records
- Training materials
Consumer Request Handling
Procedures for handling consumer rights requests.
Implementation Steps
- Establish request procedures
- Implement verification methods
- Set response timelines
- Train staff
- Document responses
Required Documentation
- Request procedures
- Verification methods
- Response templates
- Training materials
- Request logs
Data Security
Requirements for protecting personal data.
Implementation Steps
- Implement security measures
- Train employees
- Manage vendors
- Monitor compliance
- Regular reviews
Required Documentation
- Security policies
- Training records
- Vendor agreements
- Audit logs
- Review reports
Enforcement & Penalties
Division of Consumer Protection
The Utah Division of Consumer Protection investigates violations.
Penalty Categories
Civil Penalties
Up to $7,500 per violation
For each violation after notice and cure period
Actual Damages
Varies
Recovery of actual damages to consumers
Example Cases
Example Case 1
$25,000
2023 - Multiple violations after cure period
Example Case 2
$15,000
2023 - Failure to implement required measures