State Regulatory Developments

Utah Amends Data Breach Notice Provisions, Establishes Cyber Center

Utah has recently enacted cybersecurity amendments which revise disclosure requirements for cyber breaches and also creates a new Utah Cyber Center.  These amendments will be effective May 3, 2023.

The law will now require notification to the Utah Attorney General as well as the newly-created Utah Cyber Center, for data breaches where misuse for identity theft or fraud of personal information relating to five hundred or more Utah residents has occurred or is reasonably likely to occur.  In addition, reporting to the nationwide consumer reporting agencies will be required for breaches where misuse for identity theft or fraud of personal information relating to one thousand or more Utah residents has occurred or is reasonably likely to occur.  This is in addition to the existing consumer-notification requirement. 

The Utah Cyber Center created by this law will:

  • share cyber threat intelligence with governmental entities and other public and private organizations;
  • receive reports of system security breaches; and
  • coordinate, develop and share best practices for cybersecurity defense in the state.