PRIA Logo
UtahH.B. 4502026 General SessionHouseWALLET

Data Privacy Amendments

Sponsored By: David Shallenberger (Republican)

Signed by Governor

Electronic PrivacyTechnologyElectronic InformationGovernment RecordsPublic Utilities and TechnologyEthicsGovernment Operations (State Issues)Data and Cyber Security

Your PRIA Score

Score Hidden

Personalized for You

How does this bill affect your finances?

Sign up for a PRIA Policy Scan to see your personalized alignment score for this bill and every other piece of legislation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.

Free to start

Bill Overview

Analyzed Economic Effects

9 provisions identified: 7 benefits, 0 costs, 2 mixed.

Local entities must register or lose funds

The lieutenant governor runs a public registry of local governments and limited‑purpose entities and sets fees to cover its costs. Entities had to register by July 1, 2019, must renew each year, update changes within 30 days, and submit details like creation documents, boundaries, contacts, board members, and revenue sources. The office reviews submissions within 30 days and posts approved listings while withholding personal phone numbers and emails. If an entity misses deadlines, notices set cure windows (10 days for missed initial registration; 30 days for noncompliance or missed renewal). Registration stays valid during a cure period and for one year after a registration or renewal notice. If problems are not fixed, the State Auditor may withhold state‑allocated funds, pause property‑tax disbursements, or block access to state‑held or bank funds; the Auditor must allow payments needed to avoid major disruption and to meet debt service and must give taxing units and counties 60 days after a formal notice to correct issues before withholding.

Extra privacy for at-risk employees

Public safety employees and their immediate family get added privacy. Protected details include home address, personal phone numbers, personal email, pager, photos, directions to the home, and photos of homes or vehicles. Similar private records are covered when qualifying at‑risk employees request protection.

Faster data breach alerts to you

Government agencies must alert you about a data breach quickly. For breaches affecting 500 or more people, they must notify the state Cyber Center and the attorney general within five days of discovery. They must also notify each affected person by mail or email and, if available, by text or phone. If more than 500 people are affected or contacts are missing, they must also post a press release, social media post, or newspaper notice. Breach notices must explain what happened, what data was accessed, steps taken, and how you can protect against identity theft. Smaller breaches (under 500 people) must be logged internally and reported to the Cyber Center on request. Law enforcement can request a short delay to protect an investigation.

Limits on government data use and your rights

You can ask a government agency to correct personal data it holds about you. Records you give to a state‑run online repository for doing business with the state are treated as private. The lieutenant governor removes phone numbers and street‑level addresses from public campaign and judicial retention reports, and it is a crime for an official to knowingly disclose that removed info. Government entities may not use secret surveillance unless a law allows it, and they may not sell or share personal data unless a law permits it.

Safer student data in college reports

Beginning May 6, 2026, colleges follow a clear rule for sharing student statistics. "Aggregate" data can be reported only when the group has at least 10 people. Reports may be by cohort, class, course, school, region, or state. The data cannot reveal any student's identity.

Stronger privacy for student data

The law expands what counts as student personal data, such as names, addresses, emails, phone numbers, Social Security numbers, biometrics, health or disability data, student IDs, social media handles, and persistent identifiers. The chief privacy officer creates a higher‑education privacy advisory group to guide colleges and universities.

Government privacy programs and training

Every government entity must start a privacy program by December 31, 2025 and collect only the minimum data needed. For data uses that began before May 7, 2025, entities must find any non‑compliant uses and plan fixes no later than July 1, 2027. Workers who access personal data must complete privacy training within 30 days of starting and at least once each year. Each entity must file a yearly privacy report by December 31, keep it for five years, and share it with the Office of Data Privacy. Beginning July 1, 2027, state agencies must complete privacy annotations for every record series with personal data or stop collecting, keeping, or using that data. Contracts entered into or renewed after July 1, 2027 must require contractors that handle government personal data to follow these rules; contractors are not required to take the specific training in Section 63A‑19‑401.2.

Stronger state audits and protected records

The State Auditor may audit how government handles personal data and must keep a Uniform Accounting Manual for special districts. Some auditor records are protected from public release, including uncorroborated allegations, whistleblower‑identifying workpapers, draft reports, and survey plans, with sharing allowed to law enforcement when needed. The auditor and audited entities can ask the Government Records Office to decide if audit records can be released, and either side can go to court. If an entity ignores past audit recommendations, the Auditor must tell the Legislature’s Audit Subcommittee. The Auditor cannot audit work they performed before taking office; the Legislature must arrange and fund any needed audits of that prior work.

State privacy office and commission

The Office of Data Privacy sets a statewide privacy framework, watches high‑risk data use, coordinates breach planning, and builds training. The Utah Privacy Commission publishes a yearly agenda by May 1 and reports results and recommendations by October 1. The governor appoints a chief privacy officer (with Senate approval) who reports by June 30 each year. The Office may charge agencies service fees, bill state agencies, fund compliance help, and contract with universities. The Office and Commission must study technologies that collect data without direct notice and report findings by the November 2027 interim meeting after taking input from law enforcement, civil liberties groups, and users.

Free Policy Watch

You just read the policy. Now see what it costs you.

Pick a topic. PRIA runs your household against live legislation and sends you a free personalized readout.

Pick a topic to get started

My TaxesMy HealthMy BudgetMy MoneyMy Freedom
Or tell us something more specific

Sponsors & Cosponsors

Sponsor

  • David Shallenberger

    Republican • House

Cosponsors

  • Kirk A. Cullimore

    Republican • Senate

Roll Call Votes

All Roll Calls

Yes: 206 • No: 4

House vote 3/5/2026

House/ uncircled

Yes: 0 • No: 0

House vote 3/5/2026

House/ circled

Yes: 0 • No: 0

House vote 3/5/2026

House/ concurs with Senate amendment

Yes: 66 • No: 1

Senate vote 3/4/2026

Senate/ substituted

Yes: 0 • No: 0

House vote 3/4/2026

Senate Comm - Favorable Recommendation

Yes: 6 • No: 0

Senate vote 3/4/2026

Senate/ circled

Yes: 0 • No: 0

Senate vote 3/4/2026

Senate/ uncircled

Yes: 0 • No: 0

Senate vote 3/4/2026

Senate/ passed 2nd & 3rd readings/ suspension

Yes: 28 • No: 0

House vote 3/2/2026

House/ substituted

Yes: 0 • No: 0

House vote 3/2/2026

House/ uncircled

Yes: 0 • No: 0

House vote 3/2/2026

House/ passed 3rd reading

Yes: 72 • No: 0

House vote 2/27/2026

House/ circled

Yes: 0 • No: 0

House vote 2/24/2026

House Comm - Favorable Recommendation

Yes: 7 • No: 1

House vote 2/24/2026

House Comm - Substitute Recommendation

Yes: 8 • No: 0

House vote 2/18/2026

House Comm - Substitute Recommendation

Yes: 9 • No: 0

House vote 2/18/2026

House Comm - Held

Yes: 10 • No: 2

Actions Timeline

  1. Governor Signed

    3/19/2026

  2. House/ to Governor

    3/16/2026House

  3. House/ received enrolled bill from Printing

    3/16/2026House

  4. House/ enrolled bill to Printing

    3/12/2026House

  5. Enrolled Bill Returned to House or Senate

    3/12/2026

  6. Draft of Enrolled Bill Prepared

    3/6/2026

  7. Bill Received from House for Enrolling

    3/6/2026

  8. House/ signed by Speaker/ sent for enrolling

    3/5/2026House

  9. House/ received from Senate

    3/5/2026House

  10. Senate/ to House

    3/5/2026Senate

  11. Senate/ signed by President/ returned to House

    3/5/2026Senate

  12. Senate/ received from House

    3/5/2026Senate

  13. House/ to Senate

    3/5/2026House

  14. House/ concurs with Senate amendment

    3/5/2026House

  15. House/ uncircled

    3/5/2026House

  16. House/ circled

    3/5/2026House

  17. House/ placed on Concurrence Calendar

    3/5/2026House

  18. House/ received from Senate

    3/5/2026House

  19. Senate/ to House with amendments

    3/4/2026Senate

  20. Senate/ passed 2nd & 3rd readings/ suspension

    3/4/2026Senate

  21. Senate/ substituted

    3/4/2026Senate

  22. Senate/ uncircled

    3/4/2026Senate

  23. Senate/ circled

    3/4/2026Senate

  24. Senate/ 2nd & 3rd readings/ suspension

    3/4/2026Senate

  25. Senate/ Rules to 2nd Reading Calendar

    3/4/2026Senate

Bill Text

  • Enrolled

    3/12/2026

    PDF

  • Substitute #6

    3/4/2026

    PDF

  • Substitute #5

    3/2/2026

    PDF

  • Substitute #4

    2/27/2026

    PDF

  • Substitute #3

    2/25/2026

    PDF

  • Substitute #2

    2/24/2026

    PDF

  • Substitute #1

    2/17/2026

    PDF

  • Introduced

    2/2/2026

    PDF

Related Bills

Back to State Legislation

Take It Personal

Get Your Personalized Policy View

Take the PRIA Score to see how policy affects your household, then upgrade to PRIA Full Coverage for year-round monitoring.

Already have an account? Sign in