(1) The provisions of this chapter do not require a controller or processor to:

lawyer at desk

Ask a business law question, get an answer ASAP!
Thousands of highly rated, verified business lawyers.
Click here to chat with a lawyer about your rights.

Terms Used In Utah Code 13-61-303

  • Consumer: means an individual who is a resident of the state acting in an individual or household context. See Utah Code 13-61-101
  • Controller: means a person doing business in the state who determines the purposes for which and the means by which personal data are processed, regardless of whether the person makes the determination alone or with others. See Utah Code 13-61-101
  • Deidentified data: includes synthetic data. See Utah Code 13-61-101
  • Identifiable individual: means an individual who can be readily identified, directly or indirectly. See Utah Code 13-61-101
  • Obligation: An order placed, contract awarded, service received, or similar transaction during a given period that will require payments during the same or a future period.
  • Personal data: means information that is linked or reasonably linkable to an identified individual or an identifiable individual. See Utah Code 13-61-101
  • Processor: means a person who processes personal data on behalf of a controller. See Utah Code 13-61-101
  • Pseudonymous data: means personal data that cannot be attributed to a specific individual without the use of additional information, if the additional information is:
         (28)(a) kept separate from the consumer's personal data; and
         (28)(b) subject to appropriate technical and organizational measures to ensure that the personal data are not attributable to an identified individual or an identifiable individual. See Utah Code 13-61-101
  • Right: means a consumer right described in Section 13-61-201. See Utah Code 13-61-101
  • Third party: means a person other than:
         (36)(a) the consumer, controller, or processor; or
         (36)(b) an affiliate or contractor of the controller or the processor. See Utah Code 13-61-101
     (1)(a) reidentify deidentified data or pseudonymous data;
     (1)(b) maintain data in identifiable form or obtain, retain, or access any data or technology for the purpose of allowing the controller or processor to associate a consumer request with personal data; or
     (1)(c) comply with an authenticated consumer request to exercise a right described in Subsections 13-61-202(1) through (3), if:

          (1)(c)(i)

               (1)(c)(i)(A) the controller is not reasonably capable of associating the request with the personal data; or
               (1)(c)(i)(B) it would be unreasonably burdensome for the controller to associate the request with the personal data;
          (1)(c)(ii) the controller does not:

               (1)(c)(ii)(A) use the personal data to recognize or respond to the consumer who is the subject of the personal data; or
               (1)(c)(ii)(B) associate the personal data with other personal data about the consumer; and
          (1)(c)(iii) the controller does not sell or otherwise disclose the personal data to any third party other than a processor, except as otherwise permitted in this section.
(2) The rights described in Subsections 13-61-201(1) through (3) do not apply to pseudonymous data if a controller demonstrates that any information necessary to identify a consumer is kept:

     (2)(a) separately; and
     (2)(b) subject to appropriate technical and organizational measures to ensure the personal data are not attributed to an identified individual or an identifiable individual.
(3) A controller who uses pseudonymous data or deidentified data shall take reasonable steps to ensure the controller:

     (3)(a) complies with any contractual obligations to which the pseudonymous data or deidentified data are subject; and
     (3)(b) promptly addresses any breach of a contractual obligation described in Subsection (3)(a).
  Previous section
Next section  
 Part 3 Contents