A governmental entity may not collectpersonally identifiable information related to a user of the governmental entity’s governmental website unless the governmental entity has taken reasonable steps to ensure that on the day on which the personally identifiable information is collected the governmental entity’s governmental website complies with Subsection (2).
Terms Used In Utah Code 63D-2-103
Collect: includes use of any identifying code linked to a user of a governmental website. See Utah Code 63D-2-102
Governmental entity: means :
(a)
an executive branch agency as defined in Section 63A-16-102;
(b)
the legislative branch;
(c)
the judicial branch;
(d)
the State Board of Education;
(e)
the Utah Board of Higher Education;
(f)
an institution of higher education as defined in Section 53B-1-102; and
Governmental website operator: means a governmental entity or person acting on behalf of the governmental entity that:
(a)
operates a governmental website; and
(b)
collects or maintains personally identifiable information from or about a user of that website. See Utah Code 63D-2-102
Personally identifiable information: means information that identifies:
(a)
a user by:
(i)
name;
(ii)
account number;
(iii)
physical address;
(iv)
email address;
(v)
telephone number;
(vi)
Social Security number;
(vii)
credit card information; or
(viii)
bank account information;
(b)
a user as having requested or obtained specific materials or services from a governmental website;
(c)
Internet sites visited by a user; or
(d)
any of the contents of a user's data-storage device. See Utah Code 63D-2-102
User: means a person who accesses a governmental website. See Utah Code 63D-2-102
(2)
A governmental website shall contain a privacy policy statement that discloses:
(a)
(i)
the identity of the governmental website operator; and
(ii)
how the governmental website operator may be contacted:
(A)
by telephone; or
(B)
electronically;
(b)
the personally identifiable information collected by the governmental entity;
(c)
a summary of how the personally identifiable information is used by:
(i)
the governmental entity; or
(ii)
the governmental website operator;
(d)
the practices of the following related to disclosure of personally identifiable information collected:
(i)
the governmental entity; or
(ii)
the governmental website operator;
(e)
the procedures, if any, by which a user of a governmental entity may request:
(i)
access to the user’s personally identifiable information; and
(ii)
access to correct the user’s personally identifiable information; and
(f)
without compromising the integrity of the security measures, a general description of the security measures in place to protect a user’s personally identifiable information from unintended disclosure.
