Utah Consumer Privacy Act (UCPA)
What is Utah’s UCPA Law?
Gov. Spencer Cox, R-Utah, signed the Utah Consumer Privacy Act into law on 24th of March making Utah the 4th state after California, Virginia and Colorado to enact a comprehensive consumer privacy act. The law will be in effect from 31.12.2023. UCPA is largely based on the Virginia Consumer Protection Act, but uses a more business-friendly approach to consumer privacy than all three of its predecessors.
Key highlights of Utah's UCPA:
Know the difference between Virginia’s CDPA, CCPA and CPRA?
Download this whitepaper to know more about the key differences between the provisions of Virginia’s new privacy law called CDPA, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). It provides an overview of each law’s requirements, highlighting their similarities and differences. Although there are some similarities in all the active privacy laws, the framework, and definitions of CDPA carries its unique requirements and guidance.
Consumer Rights under Utah's UCPA
The Utah Consumer Privacy Act safeguards individuals’ data privacy with a complete set of regulations that one must comply with.
- Right to Information
A consumer has the right to:- confirm whether a controller is processing the consumer’s personal data; and
- access the consumer’s personal data.
- Right to Deletion
A consumer has the right to delete the consumer’s personal data that the consumer provided to the controller. - Right to Data Portability
A consumer has the right to obtain a copy of the consumer’s personal data, that the consumer previously provided to the controller, in a format that:- to the extent technically feasible, is portable;
- to the extent practicable, is readily usable; and
- allows the consumer to transmit the data to another controller without impediment, where the processing is carried out by automated means.
- Right to Opt-Out
A consumer has the right to opt out of the processing of the consumer’s personal data for purposes of:- targeted advertising; or
- the sale of personal data.
Obligations of Controllers
- Transparency
A controller shall provide consumers with a reasonably accessible and clear privacy notice. - Security
A controller shall establish, implement, and maintain reasonable administrative, technical, and physical data security practices to protect the confidentiality and integrity of personal data, and reduce reasonably foreseeable risks of harm to consumers. - Nondiscrimination
A controller may not discriminate against a consumer for exercising a right by denying a good or service to the consumer or charging the consumer a different price. - Responding to consumer requests
Responding to consumer requests. Unless an exception applies, controllers are obligated to respond to a consumer’s request within 45 days.
How Mandatly helps you achieve Utah's UCPA compliance?
Mandatly’s UCPA compliance solution goes above and beyond automation and includes comprehensive privacy risk management features that enable you to make effective business decisions and eliminate privacy risks.