Utah Governor Gary Herbert is expected to sign a new privacy law in the coming weeks that will make his state the first to protect private electronic data stored with third-party providers from government access without a warrant.

Under the legislation passed unanimously by the Utah Legislature earlier this month, law enforcement agencies need a warrant to obtain information about an individual from wireless communications providers, email platforms, search engine providers, or social media companies.

While much of the focus over the past two years has been on laws to protect consumer privacy rights, protecting private information from disclosure to law enforcement has also generated attention. Traditionally, the general rule followed, on both the federal and state levels, has been that law enforcement agencies can access information through third-party providers because individuals have no reasonable expectation of privacy when they share their personal information with third parties.

The U.S. Supreme Court curbed that traditional rule in last year’s 5-4 opinion in Carpenter v. United States, in which the majority held that the government’s search of personal cell phone location information held by a wireless communications provider constitutes a Fourth Amendment search, and therefore requires a warrant. However, the opinion did not extend beyond location information, and the dissenting justices urged that legislation was needed to govern this body of law in a new age of technology.

Utah’s new law addresses the issue head-on by specifically providing that “a law enforcement agency may not obtain, without a search warrant issued by a court upon probable cause,” the location information from an electronic device or “electronic information or data transmitted by the owner of the electronic information or data to a remote computing service provider.” “Electronic information or data” is defined broadly to include “a sign, signal, writing, image, sound, or intelligence of any nature transmitted or stored in whole or in part by a wire, radio, electromagnetic, photoelectronic, or photooptical system.” In other words, law enforcement agencies cannot obtain information about an individual from third-party service providers without obtaining a warrant. Notably, there are specific exceptions, such as when the third-party provider believes an emergency exists with risk of death, serious physical injury, or sexual abuse.

Assuming Gov. Herbert signs the bill, Utah likely will not be the last state to venture into this area of law. Companies should therefore keep in mind that on top of the growing patchwork of consumer privacy laws and regulations, they may face new laws and regulations that change longstanding practices in how they respond to requests from governmental agencies.

Marjorie J. Peerce

peercem@ballardspahr.com | 646.346.8039 | view full bio

Margie is a litigator who, in her more than 30 years of practice, has handled matters across the criminal and regulatory spectrum including white collar criminal defense, regulatory matters, and complex civil litigation. Her work includes…

peercem@ballardspahr.com | 646.346.8039 | view full bio

Margie is a litigator who, in her more than 30 years of practice, has handled matters across the criminal and regulatory spectrum including white collar criminal defense, regulatory matters, and complex civil litigation. Her work includes cases arising from alleged violations of the Internal Revenue Code, the FCPA, the BSA, and a broad range of fraud investigations.

She represents numerous individuals in several AML/BSA investigations by the U.S. Department of Justice and has represented a financial institution in a matter implicating BSA issues. She has handled matters involving Suspicious Activity Reports and Currency Transaction Reports and structuring-related offenses and she has represented individuals accused of money laundering offenses. Margie has also handled a significant number of matters with the SEC, FINRA, and the CFTC.