Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

Closing Out 2023 with Utah’s Privacy Law

By Julia Kadish on December 26, 2023
Email this postTweet this postLike this postShare this post on LinkedIn
Global-Trade-Blog-Cybersecurity-2-660x283

This year has been active on the state “comprehensive” privacy law front. Seven states passed new laws in 2023 (Delaware, Iowa, Indiana, Tennessee, Montana, Florida, and Oregon). These states joined California, Connecticut, Colorado, and Virginia with laws already in effect. Soon, Utah will join the “active” law list when its privacy law comes into effect on December 31.

For companies complying with the laws already in effect, little additional steps need be taken for Utah. That said, with each new law going into effect, companies would be well-served to review key components of the privacy program to help ensure that existing programs and processes are reflective of the then-requirements. This includes:

  • Confirming Applicability. Each time a law goes into effect, companies should re-assess which of the US laws apply (or not) to it. These laws primarily apply based on revenue and/or volume of personal information processed – two factors that may have changed since last evaluated. Our blog post here helps summarize the thresholds and criteria for when a law may apply or not.
  • Review Notice Obligations. Best practice is to review a privacy policy at least annually, or during any new data collection activity. As part of this process, it would also help to double-check that the current privacy policy checks the boxes of the state content requirements (as we summarize here).
  • Choice and Rights. Like a privacy policy, the process for handling individual rights may also require some elements of continual evaluation and improvement. Assessing how current practices are mapping to the statutory requirements may shed light on the need for additional updates or modifications.
  • Vendor Contracts. By now, many are familiar with updating standard privacy and cybersecurity contractual terms due to changing legal requirements. As part of overall house-keeping companies should verify that its templates similarly adhere to state requirements.

Putting it into Practice. Even if your organization is not subject to Utah’s privacy law, now is a good time to access how compliance with state privacy laws is going. And, while Utah’s law was generally viewed as more “business friendly” when passed, Utah is signaling itself to be a state with more interest in matters involving privacy and cyber, which may impact the enforcement level of this law. For example, Utah created a “Cyber Center” and enacted a law aimed and social media and minors.

Photo of Julia Kadish Julia Kadish

Julia Kadish is a partner in the Intellectual Property Practice Group in the firm’s Chicago office and a member of the Privacy and Cybersecurity Team.

Read more about Julia KadishEmail
  • Posted in:
    Privacy and Cybersecurity
  • Blog:
    Eye On Privacy
  • Organization:
    Sheppard, Mullin, Richter & Hampton LLP
  • Article: View Original Source

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo