In an era where privacy protection is gaining prominence nationwide, Utah is taking a proactive approach by developing a comprehensive privacy plan specifically tailored for state and local government agencies. While much attention has been given to safeguarding consumer privacy in the private sector, governments collect and maintain a wide range of personal information for various public services, necessitating the establishment of robust data protection measures.
Utah's Chief Privacy Officer, Christopher Bramwell, CIPM, highlights the unique and extensive nature of the information handled by government entities, emphasizing the need for tailored safeguards to ensure the privacy and security of this data. By spearheading the development of a statewide privacy plan, Utah is prioritizing the responsible handling and protection of the personal information entrusted to government agencies.
1The disclosure of sealed counseling records of a sexual abuse victim by the Utah Court of Appeals has raised concerns about privacy protections in the state's rules of evidence, as reported by The Salt Lake Tribune. The case involved a Utah resident who accused a family friend of sexual abuse during her childhood, leading to the perpetrator's conviction on a second-degree felony charge. However, during the perpetrator's appeal, the Court of Appeals released the victim's sealed counseling records to the defendant's attorney. In response, the Utah Supreme Court ruled that the lower court had erred by not allowing the victim to participate in the case to safeguard her privacy.
Utah's Government Operations Privacy Officer, Christopher Bramwell, is leading an initiative to identify and train a minimum of 50 professionals in the field of data security and privacy, according to StateScoop. With funding allocated from the American Rescue Plan, Utah plans to support the identification of potential candidates, the development of training programs, and the facilitation of certification processes. Bramwell has been actively working to secure contracts for statewide on-site education, aiming to provide training to every agency and ensure the presence of certified professionals proficient in both privacy and security. Notably, Utah recently became the fourth U.S. state to enact comprehensive privacy legislation on March 24, further emphasizing the importance of developing skilled professionals in this domain.
Utah is on the verge of implementing its latest comprehensive state privacy law, the Utah Consumer Privacy Act (UCPA), which closely aligns with the provisions of the Virginia Consumer Data Privacy Act. Under the UCPA, businesses with annual revenues exceeding $25 million must meet additional thresholds, including holding personal data on 100,000 Utah consumers or deriving 50% of their revenue from selling the data of more than 25,000 consumers. Effective December 31, 2023, the UCPA grants consumers standard rights, establishes exemptions, sets a 45-day response period for requests, allows a 30-day cure period, and introduces unique enforcement provisions for the attorney general. However, the law does not incorporate a private right of action, address "dark patterns" or the Global Privacy Control, or mandate data protection assessments.
Governor Spencer Cox of Utah has appointed Christopher Bramwell as the first privacy officer for the Department of Government Operations, according to Government Technology. Bramwell, formerly the director of information privacy and security at the Utah Department of Human Services, will assume responsibility for overseeing privacy practices across state agencies. In his new role, Bramwell will collaborate with the recently established Personal Privacy Oversight Commission and the state privacy officer to develop government privacy practices and provide recommendations. Bramwell expressed his enthusiasm for the opportunity to establish programs that ensure accountability in the utilization of personal data and information of Utah residents.