Press "Enter" to skip to content

Utah Amends Data Breach Notification Law

Utah data breach notification lawUtah Gov. Spencer Cox on March 23 signed into law Senate Bill 127, which amends the state’s data breach notification statutes.  The amendments go into effect May 2, 2023.

The amendments include:

  • Creation of the Utah Cyber Center, which will partner with various other state agencies and will, in part:
    • develop a statewide strategic cybersecurity plan for executive branch agencies and other governmental entities;
    • identify, analyze, and mitigate cyber threats and vulnerabilities;
    • coordinate cybersecurity resilience planning;
    • provide cybersecurity incident response capabilities;
    • recommend to the division standards to increase the cyber resilience of executive branch agencies;
    • promote cybersecurity best practices;
    • share cyber threat intelligence with governmental entities.
  • A requirement that if any person who owns or licenses computerized data that includes personal information concerning a Utah resident becomes aware of a breach of system security and the investigation reveals that the misuse of personal information relating to 500 or more Utah residents has occurred or is reasonably likely to occur, the breach notification must be provided to the Attorney General and the Utah Cyber Center, in addition to the residents affected.
  • A requirement that if the breach relates to 1,000 or more Utah residents, the notification must additionally be provided to each consumer reporting agency.
  • A provision that information submitted to the Attorney General and the Utah Cyber Center related to a breach is presumed to be confidential and protected and can only be disclosed if necessary to prevent imminent and substantial harm, or the information is anonymized or aggregated in such a way that prevents disclosure of a trade secret.
Print Friendly, PDF & Email

Eric Rosenkoetter is a principal at Maurice Wutscher LLP, where he provides counsel to businesses and consumer financial services firms nationwide. For many years, he has focused his practice on various aspects of financial services law. As a litigation attorney, he has conducted every aspect of the litigation process, including countless depositions, motion proceedings, bench and jury trials, and appeals in various courts. In addition, he has significant experience as a compliance and transactional attorney, providing strategic, business growth, legislative, compliance and regulatory advice to national corporations and trade associations. For example, he has drafted consumer contracts and disclosures designed to state-specific statutory requirements, and developed “Best Practices” guides and state-by-state compliance grids, for national financial services companies. He also conducted research and crafted a metrics report for a national trade association with analysis designed to counter the claims of advocacy groups. Eric’s experience also includes working for a national corporation as Executive Counsel, Chief Compliance and Ethics Officer, and Director of Legislative Affairs, and as a federal lobbyist and Director of Government and Public Affairs for a national financial services trade association. In the government sector, Eric presided over approximately 6,000 state administrative hearings, served as a staff attorney for the Missouri Senate, and handled litigation in 33 counties as a regional managing attorney. Eric frequently speaks to audiences on topics relevant to the financial services industry including regulatory compliance, data privacy law and related advocacy initiatives. For more information, see

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.