(1) The commission shall:

lawyer at desk

Ask a business law question, get an answer ASAP!
Thousands of highly rated, verified business lawyers.
Click here to chat with a lawyer about your rights.

Terms Used In Utah Code 63C-24-202

  • Commission: means the Utah Privacy Commission created in Section 63C-24-201. See Utah Code 63C-24-102
  • Governing board: means the Utah Privacy Governing Board created in Section 63A-9-201. See Utah Code 63C-24-102
  • Governmental entity: means the same as that term is defined in Section 63G-2-103. See Utah Code 63C-24-102
  • Personal data: means the same as that term is defined in Section 63A-19-101. See Utah Code 63C-24-102
  • Privacy practice: includes :
              (7)(b)(i) a technology use related to personal data; and
              (7)(b)(ii) policies related to the protection, storage, sharing, and retention of personal data. See Utah Code 63C-24-102
  • State: when applied to the different parts of the United States, includes a state, district, or territory of the United States. See Utah Code 68-3-12.5
     (1)(a) annually develop a data privacy agenda that identifies for the upcoming year:

          (1)(a)(i) governmental entity privacy practices to be reviewed by the commission;
          (1)(a)(ii) educational and training materials that the commission intends to develop;
          (1)(a)(iii) any other items related to data privacy the commission intends to study; and
          (1)(a)(iv) best practices and guiding principles that the commission plans to develop related to government privacy practices;
     (1)(b) develop guiding standards and best practices with respect to government privacy practices;
     (1)(c) develop educational and training materials that include information about:

          (1)(c)(i) the privacy implications and civil liberties concerns of the privacy practices of government entities;
          (1)(c)(ii) best practices for government collection and retention policies regarding personal data; and
          (1)(c)(iii) best practices for government personal data security standards;
     (1)(d) review the privacy implications and civil liberties concerns of government privacy practices; and
     (1)(e) provide the data privacy agenda to the governing board by May 1 of each year.
(2) The commission may, in addition to the approved items in the data privacy agenda prepared under Subsection (1)(a):

     (2)(a) review specific government privacy practices as referred to the commission by the chief privacy officer described in Section 63A-19-302 or the state privacy officer described in Section 67-3-13;
     (2)(b) review a privacy practice not accounted for in the data privacy agenda only upon referral by the chief privacy officer or the state privacy officer in accordance with Subsection 63C-24-202(2)(a);
     (2)(c) review and provide recommendations regarding consent mechanisms used by governmental entities to collect personal information;
     (2)(d) develop and provide recommendations to the Legislature on how to balance transparency and public access of public records against an individual’s reasonable expectations of privacy and data protection; and
     (2)(e) develop recommendations for legislation regarding the guiding standards and best practices the commission has developed in accordance with Subsection (1)(a).
(3) At least annually, on or before October 1, the commission shall report to the Judiciary Interim Committee:

     (3)(a) the results of any reviews the commission has conducted;
     (3)(b) the guiding standards and best practices described in Subsection (1)(b); and
     (3)(c) any recommendations for legislation the commission has developed in accordance with Subsection (2)(e).
(4) At least annually, on or before June 1, the commission shall report to the governing board regarding:

     (4)(a) governmental entity privacy practices the commission plans to review in the next year;
     (4)(b) any educational and training programs the commission intends to develop in relation to government data privacy best practices;
     (4)(c) results of the commission’s data privacy practice reviews from the previous year; and
     (4)(d) recommendations from the commission related to data privacy legislation, standards, or best practices.
(5) The data privacy agenda detailed in Subsection (1)(a) does not add to or expand the authority of the commission.

  Previous section
Next section  
 Part 2 Contents