What New Data Privacy Regimes Mean For Utah Enterprises

The margin for error in business is razor-thin when it comes to compliance and data security.

Especially in light of the many compliance regulations—FINRA, HIPAA, PCI-DSS, CMMC, and more—it’s more important than ever that you confidently manage your compliance practices. This is of increasing importance to local business owners with the recent passing of the Utah Consumer Privacy Act (UCPA).

What Is The UCPA?

Similar to data privacy legislation in Colorado, Virginia and California, UCPA is intended to protect the privacy of any consumer that resides in Utah and requires that companies that transact business with those consumers follow certain requirements, regardless of where the company itself is located.

Does The UCPA Apply To Your Business?

You are subject to UCPA if you meet the following conditions:

  • Gross annual revenue of more than $25 million; and
  • Control or process personal data of 100,000 or more consumers during a calendar year; or derive over 50% of your gross revenue from the sale of personal data and control or process personal data of 25,000 or more consumers

Please note that nonprofit entities and institutions of higher education are exempt, even if they otherwise meet the above conditions.

Is The UCPA Different From Other Data Privacy Regimes?

Yes—while a considerable portion of the legislation’s particulars mirror those of the CCPA and Europe’s General Data Protection Rule (GDPR), UCPA does have some unique qualities.

Pre-GDPR (and now, pre-CCPA), there are likely a number of unexamined and unevaluated avenues for data access in your operations that could put you at risk of noncompliance when UCPA is made official.

Consider that, once they were required to double-check how their data was accessed and controlled, businesses in Europe found that there was a lack of proper control, and that access to data was enabled via legacy units. These are the types of gaps in your data control practices that need to be addressed before UCPA comes into effect.

By analyzing your operations top to bottom, you will likely identify ways that data can be accessed that few people (or no one) were aware of because they weren’t regularly making use of them.

If you don’t already have policies for the following considerations, now is the time to start developing them:

  • Controls and Notifications
    1. Protect personal data using appropriate security.
    2. Notify authorities of personal data breaches.
    3. Obtain appropriate consent for processing data.
    4. Keep records detailing data processing.
  • Transparent Policies
    1. Provide clear notice of data collection.
    2. Outline processing purposes and use cases.
    3. Define data retention and deletion policies.

What Aspects Are Unique To The UCPA?

There are two key areas in which the UCPA differs from other state data privacy legislation:

  1. You are not required to perform a risk assessment or data protection assessment.
  2. You are restricted from collecting data on children 13 years of age or younger.

Kickstarting Your UCPA Compliance

Is UCPA going to be more work for you?

Yes, undoubtedly. But it’s necessary. It’s designed to protect consumers and allow you to continue to make the most of modern business advantages in the digital age.

Don’t forget—a few years ago it was Europe, more recently it was California, and now it’s Utah. Soon enough, it will be everyone.

Similar regulations are in the works in a number of states from Hawaii to Mississippi and New York. This is where the world is headed, and if you don’t get on board soon, you will pay the price.

Get started right now by doing the following:

  • Assess your cybersecurity to identify any potential vulnerabilities that could result in noncompliance.
  • Budget time and money for UCPA compliance initiatives.
  • Reach out to the Nexus IT team for help in strategizing your compliance.

Nexus IT Will Help You Achieve Confident UCPA Compliance

The good news is that you don’t have to handle this alone.

By working with an IT company like Nexus IT, you can make sure you have the skills and knowledge you need to become compliant by the time UCPA comes into effect.

While you may have never had to worry about this type of compliance before, Nexus IT has the experience needed to assist in your analysis and updates to help you get in line with UCPA.