State Regulatory Developments

Utah Amends Cybersecurity Breach Notification Provisions

Utah recently amended provisions related to its cybersecurity breach notification requirements.  The amendment is effective May 1, 2024.

Under the amendment, breach notifications to the Utah Attorney General or Cyber Center must include the following information, to the extent available: date the breach occurred, date the breach was discovered, number of people affected by the breach, type of personal information involved in the breach, and a short description of the breach.  The amendment also makes notifications and supporting information along with information produced by the Utah Attorney General or Cyber Center in providing coordination or assistance to the notifier confidential and classified if the requirements of the Government Records Access and Management Act are met.