(1) A processor shall:

lawyer at desk

Ask a business law question, get an answer ASAP!
Thousands of highly rated, verified business lawyers.
Click here to chat with a lawyer about your rights.

Terms Used In Utah Code 13-61-301

  • Account: means the Consumer Privacy Restricted Account established in Section 13-61-403. See Utah Code 13-61-101
  • Contract: A legal written agreement that becomes binding when signed.
  • Controller: means a person doing business in the state who determines the purposes for which and the means by which personal data are processed, regardless of whether the person makes the determination alone or with others. See Utah Code 13-61-101
  • Person: means :
         (24)(a) an individual;
         (24)(b) an association;
         (24)(c) an institution;
         (24)(d) a corporation;
         (24)(e) a company;
         (24)(f) a trust;
         (24)(g) a limited liability company;
         (24)(h) a partnership;
         (24)(i) a political subdivision;
         (24)(j) a government office, department, division, bureau, or other body of government; and
         (24)(k) any other organization or entity. See Utah Code 68-3-12.5
  • Personal data: means information that is linked or reasonably linkable to an identified individual or an identifiable individual. See Utah Code 13-61-101
  • Processor: means a person who processes personal data on behalf of a controller. See Utah Code 13-61-101
     (1)(a) adhere to the controller‘s instructions; and
     (1)(b) taking into account the nature of the processing and information available to the processor, by appropriate technical and organizational measures, insofar as reasonably practicable, assist the controller in meeting the controller’s obligations, including obligations related to the security of processing personal data and notification of a breach of security system described in Section 13-44-202.
(2) Before a processor performs processing on behalf of a controller, the processor and controller shall enter into a contract that:

     (2)(a) clearly sets forth instructions for processing personal data, the nature and purpose of the processing, the type of data subject to processing, the duration of the processing, and the parties’ rights and obligations;
     (2)(b) requires the processor to ensure each person processing personal data is subject to a duty of confidentiality with respect to the personal data; and
     (2)(c) requires the processor to engage any subcontractor pursuant to a written contract that requires the subcontractor to meet the same obligations as the processor with respect to the personal data.
(3)

     (3)(a) Determining whether a person is acting as a controller or processor with respect to a specific processing of data is a fact-based determination that depends upon the context in which personal data are to be processed.
     (3)(b) A processor that adheres to a controller’s instructions with respect to a specific processing of personal data remains a processor.
  Previous section
Next section  
 Part 3 Contents