The margin for error in business is razor-thin when it comes to compliance and data security.
Especially in light of the many compliance regulations—FINRA, HIPAA, PCI-DSS, CMMC, and more—it’s more important than ever that you confidently manage your compliance practices. This is of increasing importance to local business owners with the recent passing of the Utah Consumer Privacy Act (UCPA).
Similar to data privacy legislation in Colorado, Virginia and California, UCPA is intended to protect the privacy of any consumer that resides in Utah and requires that companies that transact business with those consumers follow certain requirements, regardless of where the company itself is located.
You are subject to UCPA if you meet the following conditions:
Please note that nonprofit entities and institutions of higher education are exempt, even if they otherwise meet the above conditions.
Yes. While a considerable portion of the legislation's particulars mirror those of the CCPA and Europe's General Data Protection Rule (GDPR), UCPA does have some unique qualities.
As was the case before GDPR (and, more recently, before CCPA), there are likely a number of unexamined and unevaluated avenues for data access in your operations that could put you at risk of noncompliance when UCPA is made official.
Consider that, once they were required to double-check how their data was accessed and controlled, businesses in Europe found a lack of proper control, as well as access to data enabled via legacy units. These are the types of gaps in your data control practices that need to be addressed before UCPA comes into effect.
By analyzing your operations top to bottom, you will likely identify ways that data can be accessed that few people (or no one) were aware of because they weren't regularly making use of them.
If you don’t already have policies for the following considerations, now is the time to start developing them:
There are two key areas in which the UCPA differs from other state data privacy legislation:
Is UCPA going to be more work for you?
Yes, undoubtedly. But it’s necessary. It’s designed to protect consumers and allow you to continue to make the most of modern business advantages in the digital age.
Don’t forget—a few years ago it was Europe, more recently it was California, and now it’s Utah. Soon enough, it will be everyone.
Similar regulations are in the works in a number of states from Hawaii to Mississippi and New York. This is where the world is headed, and if you don’t get on board soon, you will pay the price.
Get started right now by doing the following:
The good news is that you don’t have to handle this alone.
By working with an IT company like Nexus IT, you can make sure you have the skills and knowledge you need to become compliant by the time UCPA comes into effect.
While you may have never had to worry about this type of compliance before, Nexus IT has the experience needed to assist in your analysis and updates to help you get in line with UCPA.