Utah Governor Gary Herbert is expected to sign a new privacy law in the coming weeks that will make his state the first to protect private electronic data stored with third-party providers from government access without a warrant.

Under the legislation passed unanimously by the Utah Legislature earlier this month, law enforcement agencies need a warrant to obtain information about an individual from wireless communications providers, email platforms, search engine providers, or social media companies.

While much of the focus over the past two years has been on laws to protect consumer privacy rights, protecting private information from disclosure to law enforcement has also generated attention. Traditionally, the general rule followed, on both the federal and state levels, has been that law enforcement agencies can access information through third-party providers because individuals have no reasonable expectation of privacy when they share their personal information with third parties.

The U.S. Supreme Court curbed that traditional rule in last year’s 5-4 opinion in Carpenter v. United States, in which the majority held that the government’s search of personal cell phone location information held by a wireless communications provider constitutes a Fourth Amendment search, and therefore requires a warrant. However, the opinion did not extend beyond location information, and the dissenting justices urged that legislation was needed to govern this body of law in a new age of technology.

Utah’s new law addresses the issue head-on by specifically providing that “a law enforcement agency may not obtain, without a search warrant issued by a court upon probable cause,” the location information from an electronic device or “electronic information or data transmitted by the owner of the electronic information or data to a remote computing service provider.” “Electronic information or data” is defined broadly to include “a sign, signal, writing, image, sound, or intelligence of any nature transmitted or stored in whole or in part by a wire, radio, electromagnetic, photoelectronic, or photooptical system.” In other words, law enforcement agencies cannot obtain information about an individual from third-party service providers without obtaining a warrant. Notably, there are specific exceptions, such as when the third-party provider believes an emergency exists with risk of death, serious physical injury, or sexual abuse.

Assuming Gov. Herbert signs the bill, Utah likely will not be the last state to venture into this area of law. Companies should therefore keep in mind that on top of the growing patchwork of consumer privacy laws and regulations, they may face new laws and regulations that change longstanding practices in how they respond to requests from governmental agencies.

Philip N. Yannella

yannellap@ballardspahr.com | 215.864.8180 | view full bio

As Practice Leader of Ballard Spahr’s Privacy and Data Security Group, and Practice Leader of the firm’s E-Discovery and Data Management Group, Philip N. Yannella provides clients with 360-degree advice on the transfer, storage, and use…

yannellap@ballardspahr.com | 215.864.8180 | view full bio

As Practice Leader of Ballard Spahr’s Privacy and Data Security Group, and Practice Leader of the firm’s E-Discovery and Data Management Group, Philip N. Yannella provides clients with 360-degree advice on the transfer, storage, and use of digital information.

Phil regularly advises clients on the Stored Communications Act (SCA), Computer Fraud and Abuse Act (CFAA), EU-US Privacy Shield, General Data Protection Regulation (GDPR), Defense of Trade Secrets Act, PCI-DSS, Telephone Consumer Protection Act (TCPA), New York Department of Financial Services Cybersecurity Regulations, ISO 27001 compliance, HIPAA Security Rules, and FTC enforcement activity, as well as eDiscovery issues—leveraging his experience serving as National Discovery Counsel for more than two dozen companies in nationwide litigation. He harnesses his deep knowledge of privacy, data security, and information governance laws to help multinational companies develop global information governance programs to comply with overlapping, and sometimes conflicting, laws. Phil serves on the advisory board for the ACC Foundation’s Cybersecurity Survey, the largest survey of in-house counsel on cybersecurity issues.

Marjorie J. Peerce

peercem@ballardspahr.com | 646.346.8039 | view full bio

Margie is a litigator who, in her more than 30 years of practice, has handled matters across the criminal and regulatory spectrum including white collar criminal defense, regulatory matters, and complex civil litigation. Her work includes…

peercem@ballardspahr.com | 646.346.8039 | view full bio

Margie is a litigator who, in her more than 30 years of practice, has handled matters across the criminal and regulatory spectrum including white collar criminal defense, regulatory matters, and complex civil litigation. Her work includes cases arising from alleged violations of the Internal Revenue Code, the FCPA, the BSA, and a broad range of fraud investigations.

She represents numerous individuals in several AML/BSA investigations by the U.S. Department of Justice and has represented a financial institution in a matter implicating BSA issues. She has handled matters involving Suspicious Activity Reports and Currency Transaction Reports and structuring-related offenses and she has represented individuals accused of money laundering offenses. Margie has also handled a significant number of matters with the SEC, FINRA, and the CFTC.