Complying with the Utah Consumer Privacy Act (UCPA)

4 minute read. Learn the basics of the Utah Consumer Privacy Act (UCPA) and how it impacts your business.

‍
Taking effect on December 31, 2023, the Utah Consumer Privacy Act (UCPA) provides consumers with broad protection and rights concerning the collection, use, processing, sharing, and sale of their personal information.

It doesn’t matter where your business is located-–the UCPA applies to your company if your customers reside in Utah. Businesses that fail to comply with the UCPA may be subject to significant fines and penalties and possible damage to their reputations. But there are solutions that simplify compliance.

Protecting Consumer Privacy

The UCPA grants consumers the right to:

1. Confirm whether a controller is processing the consumer's personal data.
2. Access their personal data.
3. Delete the personal data that was provided to the controller.
4. Obtain a portable copy of the personal data.
5. Opt out of the processing of the consumer's personal data for purposes of targeted advertising or the sale of personal data.

The UCPA applies to any business that:

• Conducts business in Utah or produces a product or service that is targeted to consumers who are residents of the state;
• Earns annual revenue of $25 million or more; and
• Satisfies one or more of the following thresholds:
• during a calendar year, controls or processes personal data of 100,000 or more consumers; or
• derives over 50 percent of the entity’s gross revenue from the sale of personal data and controls or processes personal data of 25,000 or more consumers.

Under the UCPA, a “consumer” is defined as “an individual who is a resident of the state acting in an individual or household context;” however, the UCPA explicitly excludes individuals “acting in an employment or commercial context.”

The UCPA defines a sale as “the exchange of personal data for monetary consideration by a controller to a third party.” Deidentified data and publicly available information is explicitly excluded from the UCPA definition of “personal data.”

Satisfying the Utah Consumer Privacy Act

To cost-effectively ensure they are complying with UCPA, businesses will have to manage and track consumers’ requests to opt-out, review, access, delete, and obtain their data.

Business owners and leaders need a system for tracking consumer requests to opt-out, review, access, delete, and obtain their data. Without an accurate system for tracking the status of each request, business owners risk costly penalties and damage to their reputations.

To strengthen and enhance customer loyalty, PrivacyCare offers a system that features:

1. Customizable data-subject-request (DSR) forms that consumers can use to initiate their data request.
2. Consumer authentication.
3. A flexible record-keeping system that can support any DSR process, helping businesses comply with multi-state data privacy laws.
4. A database of the DSRs and their status.
5. A cost-effective solution that avoids unnecessary upgrades involving data analytics, data management, and data security functions.
6. A SaaS platform that eliminates the need for businesses to purchase and manage hardware or software.
7. Up-to-date with latest changes to data privacy laws across the U.S.

For help with your data privacy compliance challenges, contact PrivacyCare today.

‍