SecurePrivacy Logo

Utah Consumer Privacy Act (UCPA)

View Law Text
Maximum Fine
$7,500 per violation
Scope
State
Regulator
DCP
Status
Active

Need Help with Utah Consumer Privacy Act (UCPA) Compliance?

Get expert guidance on implementing UCPA requirements and ensuring ongoing compliance for your organization.

Get Expert Help

Overview

The Utah Consumer Privacy Act establishes privacy rights for Utah residents and obligations for businesses processing personal data.

Key Facts

  • Effective December 31, 2023
  • Enforced by Division of Consumer Protection
  • Includes consumer rights and business obligations
  • Provides 30-day cure period
  • Focus on reasonable security measures

Key Principles

Consumer Rights

Rights granted to Utah residents under UCPA.

Requirements

  • Right to access
  • Right to delete
  • Right to data portability
  • Right to opt-out of targeted advertising
  • Right to opt-out of sales

Examples

  • Access request procedures
  • Deletion mechanisms
  • Data portability formats
  • Opt-out systems
  • Request handling

Transparency

Disclosure requirements for controllers.

Requirements

  • Privacy notice requirements
  • Processing disclosures
  • Rights information
  • Sharing practices
  • Security measures

Examples

  • Privacy policies
  • Notice updates
  • Rights notifications
  • Security documentation

Security Requirements

Data security and protection requirements.

Requirements

  • Reasonable security
  • Employee training
  • Vendor management
  • Incident response
  • Regular assessments

Examples

  • Security policies
  • Training programs
  • Vendor contracts
  • Incident plans

Compliance Requirements

Privacy Notice Requirements

Required disclosures in privacy notices.

Implementation Steps

  • Identify required disclosures
  • Draft clear notices
  • Include rights information
  • Document sharing practices
  • Regular updates

Required Documentation

  • Privacy policies
  • Notice templates
  • Update procedures
  • Review records
  • Training materials

Consumer Request Handling

Procedures for handling consumer rights requests.

Implementation Steps

  • Establish request procedures
  • Implement verification methods
  • Set response timelines
  • Train staff
  • Document responses

Required Documentation

  • Request procedures
  • Verification methods
  • Response templates
  • Training materials
  • Request logs

Data Security

Requirements for protecting personal data.

Implementation Steps

  • Implement security measures
  • Train employees
  • Manage vendors
  • Monitor compliance
  • Regular reviews

Required Documentation

  • Security policies
  • Training records
  • Vendor agreements
  • Audit logs
  • Review reports

Enforcement & Penalties

Division of Consumer Protection

The Utah Division of Consumer Protection investigates violations.

Penalty Categories

Civil Penalties
Up to $7,500 per violation
For each violation after notice and cure period
Actual Damages
Varies
Recovery of actual damages to consumers

Example Cases

Example Case 1
$25,000
2023 - Multiple violations after cure period
Example Case 2
$15,000
2023 - Failure to implement required measures