H.B. 105 Enrolled
This act modifies the Information Technology Act to enact the Governmental Internet
Information Privacy Act. The act mandates that the Legislative Management Committee
direct the Utah Information Technology Commission to study and make
recommendations to the Legislature related to Internet privacy and security. The act
takes effect July 1, 2003. This act provides a coordination clause.
This act affects sections of Utah Code Annotated 1953 as follows:
ENACTS:
63D-1-401, Utah Code Annotated 1953
63D-1-402, Utah Code Annotated 1953
63D-1-403, Utah Code Annotated 1953
This act enacts uncodified material.
Be it enacted by the Legislature of the state of Utah:
Section 1. Section 63D-1-401 is enacted to read:
63D-1-401. Title.
This part is known as the "Governmental Internet Information Privacy Act."
Section 2. Section 63D-1-402 is enacted to read:
63D-1-402. Definitions.
As used in this part:
(1) (a) "Collect" means the gathering of personally identifiable information:
(i) from a user of a governmental website; or
(ii) about a user of the governmental website.
(b) "Collect" includes use of any identifying code linked to a user of a governmental
website.
(2) "Governmental entity" means a state agency.
(3) "Governmental website" means a website that is operated by or on behalf of a
governmental entity.
(4) "Governmental website operator" means a governmental entity or person acting on
behalf of the governmental entity that:
(a) operates a governmental website located on the Internet; and
(b) collects or maintains personally identifiable information from or about a user of that
website.
(5) "Personally identifiable information" means information that identifies:
(a) a user by:
(i) name;
(ii) account number;
(iii) physical address;
(iv) electronic address;
(v) telephone number; or
(vi) Social Security number;
(b) a user as having requested or obtained specific materials or services from a
governmental website;
(c) Internet sites visited by a user; or
(d) any of the contents of a user's data-storage device.
(6) "User" means a person who accesses a governmental website.
Section 3. Section 63D-1-403 is enacted to read:
63D-1-403. Collection of personally identifiable information -- Privacy policy
statements.
(1) A government entity may not collect personally identifiable information related to a
user of the governmental entity's governmental website unless the governmental entity has taken
reasonable steps to ensure that on the day on which the personally identifiable information is
collected the governmental entity's governmental website complies with Subsection (2).
(2) A government website shall contain a privacy policy statement that discloses:
(a) (i) the identity of the governmental website operator; and
(ii) how the governmental website operator may be contacted:
(A) by telephone; or
(B) electronically;
(b) (i) the personally identifiable information collected by the governmental entity;
(ii) the means by which personally identifiable information is collected;
(iii) whether the personally identifiable information collected by the governmental entity
is retained by the governmental entity; and
(iv) if personally identifiable information collected by the governmental entity is
retained, the time period for which the personally identifiable information is retained;
(c) a summary of how the personally identifiable information is used by:
(i) the governmental entity; or
(ii) the governmental website operator;
(d) the practices of the following related to disclosure of personally identifiable
information collected:
(i) the governmental entity; or
(ii) the governmental website operator;
(e) the options, if any, available to a person who wants to obtain services from the
governmental entity but chooses not to provide personally identifiable information through a
governmental website;
(f) the procedures, if any, by which a user of a governmental entity may request:
(i) access to the user's personally identifiable information; and
(ii) to correct the user's personally identifiable information; and
(g) without compromising the integrity of the security measures, a general description of
the security measures in place to protect a user's personally identifiable information from
unintended disclosure.
Section 4. Internet privacy and security study.
(1) The Legislative Management Committee shall direct the Utah Information
Technology Commission created in Section 63D-1-202 to review:
(a) issues related to Internet privacy and security raised in:
(i) H.B. 105, 2003 Gen. Sess. (Utah 2003), including:
(A) disclosure of personally identifiable information by an Internet service provider;
(B) privacy notices and records maintained by an Internet service provider; and
(C) security and privacy measures by an Internet service provider; and
(ii) the following Minnesota Senate bills:
(A) S.F. No. 156, 83rd Leg. Sess. (Minn. 2003-2004); and
(B) S.F. No. 487, 83rd Leg. Sess. (Minn. 2003-2004);
(b) issues related to:
(i) Internet sites;
(ii) Internet servers; and
(iii) Internet "pop-up" banner advertisements;
(c) any other issues related to security of information in the electronic age;
(d) whether to apply Title 63D, Chapter 1, Part 4, Governmental Internet Information
Privacy Act, to political subdivisions and school districts; and
(e) the definitions contained in Subsection (3).
(2) After completing a comprehensive review of the issues described in Subsection (1),
the Utah Information Technology Commission shall recommend to the Legislature provisions
that may be enacted related to the issues described in Subsection (1).
(3) For purposes of the study described in Subsection (1):
(a) (i) Except as provided in Subsection (3)(a)(ii), "consumer" means a person who:
(A) is a resident of the state;
(B) enters into a contract with an Internet service provider for access to the Internet for
personal, family, or household purposes; and
(C) receives the access described in Subsection (3)(a)(i)(B).
(ii) "Consumer" does not include a person that resells the access described in Subsection
(3)(a)(i)(B).
(b) (i) Except as provided in Subsection (3)(b)(ii), "Internet service provider" means a
person who:
(A) provides a consumer:
(I) authenticated access to the Internet; or
(II) authenticated presence on the Internet; and
(B) provides the access or presence described in Subsection (3)(b)(i)(A) by providing
transit routing of Internet protocol packets for and on behalf of the consumer.
(ii) "Internet service provider" does not include a person that offers on a common carrier
basis:
(A) access to telecommunications facilities; or
(B) telecommunication services by means of telecommunications facilities.
(c) "Ordinary course of business" means activities related to an Internet service provider:
(i) collecting debts owed to the Internet service provider;
(ii) processing a request for materials or services to be provided by the Internet service
provider; or
(iii) transferring ownership.
(d) "Personally identifiable information" means information that identifies:
(i) a consumer by:
(A) name;
(B) account number;
(C) physical address;
(D) electronic address;
(E) telephone number; or
(F) Social Security number;
(ii) a consumer as having requested or obtained specific materials or services from an
Internet service provider;
(iii) an Internet site visited by a consumer; or
(iv) any of the contents of a consumer's data-storage device.
Section 5. Effective date.
This act takes effect on July 1, 2003.
Section 6. Coordination clause.
If this bill and S.B. 151, Amendments Related to Information Technology, both pass, it is
the intent of the Legislature that the Office of Legislative Research and General Counsel in
preparing the Utah Code database for publication:
(1) treat this coordination clause as superseding the coordination clause in S.B. 151 to
the extent that the coordination clause in S.B. 151 refers to this bill;
(2) delete the phrase "a state agency" in Subsection 63D-1-402(2) in this bill and replace
it with "an executive branch agency"; and
(3) renumber Title 63D, Chapter 1, Part 4, as enacted in this bill to Title 63D, Chapter
1a, Part 4.