Download Zipped Introduced WP 9 HB0105S1.ZIP
[Status][Bill Documents][Fiscal Note][Bills Directory]
First Substitute H.B. 105
1
2
3
4
5
6 This act modifies the Information Technology Act to enact the Governmental Internet
7 Information Privacy Act. The act mandates that the Legislative Management Committee
8 direct the Utah Information Technology Commission to study and make
9 recommendations to the Legislature related to Internet privacy and security. The act
10 takes effect July 1, 2003. This act provides a coordination clause.
11 This act affects sections of Utah Code Annotated 1953 as follows:
12 ENACTS:
13 63D-1-401, Utah Code Annotated 1953
14 63D-1-402, Utah Code Annotated 1953
15 63D-1-403, Utah Code Annotated 1953
16 This act enacts uncodified material.
17 Be it enacted by the Legislature of the state of Utah:
18 Section 1. Section 63D-1-401 is enacted to read:
19
20 63D-1-401. Title.
21 This part is known as the "Governmental Internet Information Privacy Act."
22 Section 2. Section 63D-1-402 is enacted to read:
23 63D-1-402. Definitions.
24 As used in this part:
25 (1) (a) "Collect" means the gathering of personally identifiable information:
26 (i) from a user of a governmental website; or
27 (ii) about a user of the governmental website.
28 (b) "Collect" includes use of any identifying code linked to a user of a governmental
29 website.
30 (2) "Governmental entity" means a state agency.
31 (3) "Governmental website" means a website that is operated by or on behalf of a
32 governmental entity.
33 (4) "Governmental website operator" means a governmental entity or person acting on
34 behalf of the governmental entity that:
35 (a) operates a governmental website located on the Internet; and
36 (b) collects or maintains personally identifiable information from or about a user of
37 that website.
38 (5) "Personally identifiable information" means information that identifies:
39 (a) a user by:
40 (i) name;
41 (ii) account number;
42 (iii) physical address;
43 (iv) electronic address;
44 (v) telephone number; or
45 (vi) Social Security number;
46 (b) a user as having requested or obtained specific materials or services from a
47 governmental website;
48 (c) Internet sites visited by a user; or
49 (d) any of the contents of a user's data-storage device.
50 (6) "User" means a person who accesses a governmental website.
51 Section 3. Section 63D-1-403 is enacted to read:
52 63D-1-403. Collection of personally identifiable information.
53 (1) A government entity may not collect personally identifiable information related to a
54 user of the governmental entity's governmental website unless the governmental entity has
55 taken reasonable steps to ensure that on the day on which the personally identifiable
56 information is collected the governmental entity's governmental website complies with
57 Subsection (2).
58 (2) A government website shall contain a privacy policy statement that discloses:
59 (a) (i) the identity of the governmental website operator; and
60 (ii) how the governmental website operator may be contacted:
61 (A) by telephone; or
62 (B) electronically;
63 (b) (i) the personally identifiable information collected by the governmental entity;
64 (ii) the means by which personally identifiable information is collected;
65 (iii) whether the personally identifiable information collected by the governmental
66 entity is retained by the governmental entity; and
67 (iv) if personally identifiable information collected by the governmental entity is
68 retained, the time period for which the personally identifiable information is retained;
69 (c) a summary of how the personally identifiable information is used by:
70 (i) the governmental entity; or
71 (ii) the governmental website operator;
72 (d) the practices of the following related to disclosure of personally identifiable
73 information collected:
74 (i) the governmental entity; or
75 (ii) the governmental website operator;
76 (e) the options, if any, available to a person who wants to obtain services from the
77 governmental entity but chooses not to provide personally identifiable information through a
78 governmental website;
79 (f) the procedures, if any, by which a user of a governmental entity may request:
80 (i) access to the user's personally identifiable information; and
81 (ii) to correct the user's personally identifiable information; and
82 (g) without compromising the integrity of the security measures, a general description
83 of the security measures in place to protect a user's personally identifiable information from
84 unintended disclosure.
85 Section 4. Internet privacy and security study.
86 (1) The Legislative Management Committee shall direct the Utah Information
87 Technology Commission created in Section 63D-1-202 to review:
88 (a) issues related to Internet privacy and security raised in:
89 (i) H.B. 105, 2003 Gen. Sess. (Utah 2003), including:
90 (A) disclosure of personally identifiable information by an Internet service provider;
91 (B) privacy notices and records maintained by an Internet service provider; and
92 (C) security and privacy measures by an Internet service provider; and
93 (ii) the following Minnesota Senate bills:
94 (A) S.F. No. 156, 83rd Leg. Sess. (Minn. 2003-2004); and
95 (B) S.F. No. 487, 83rd Leg. Sess. (Minn. 2003-2004);
96 (b) issues related to:
97 (i) Internet sites;
98 (ii) Internet servers; and
99 (iii) Internet "pop-up" banner advertisements;
100 (c) any other issues related to security of information in the electronic age;
101 (d) whether to apply Title 63D, Chapter 1, Part 4, Governmental Internet Information
102 Privacy Act, to political subdivisions and school districts; and
103 (e) the definitions contained in Subsection (3).
104 (2) After completing a comprehensive review of the issues described in Subsection (1),
105 the Utah Information Technology Commission shall recommend to the Legislature provisions
106 that may be enacted related to the issues described in Subsection (1).
107 (3) For purposes of the study described in Subsection (1):
108 (a) (i) Except as provided in Subsection (3)(a)(ii), "consumer" means a person who:
109 (A) is a resident of the state;
110 (B) enters into a contract with an Internet service provider for access to the Internet for
111 personal, family, or household purposes; and
112 (C) receives the access described in Subsection (3)(a)(i)(B).
113 (ii) "Consumer" does not include a person that resells the access described in
114 Subsection (3)(a)(i)(B).
115 (b) (i) Except as provided in Subsection (3)(b)(ii), "Internet service provider" means a
116 person who:
117 (A) provides a consumer:
118 (I) authenticated access to the Internet; or
119 (II) authenticated presence on the Internet; and
120 (B) provides the access or presence described in Subsection (3)(b)(i)(A) by providing
121 transit routing of Internet protocol packets for and on behalf of the consumer.
122 (ii) "Internet service provider" does not include a person that offers on a common
123 carrier basis:
124 (A) access to telecommunications facilities; or
125 (B) telecommunication services by means of telecommunications facilities.
126 (c) "Ordinary course of business" means activities related to an Internet service
127 provider:
128 (i) collecting debts owed to the Internet service provider;
129 (ii) processing a request for materials or services to be provided by the Internet service
130 provider; or
131 (iii) transferring ownership.
132 (d) "Personally identifiable information" means information that identifies:
133 (i) a consumer by:
134 (A) name;
135 (B) account number;
136 (C) physical address;
137 (D) electronic address;
138 (E) telephone number; or
139 (F) Social Security number;
140 (ii) a consumer as having requested or obtained specific materials or services from an
141 Internet service provider;
142 (iii) an Internet site visited by a consumer; or
143 (iv) any of the contents of a consumer's data-storage device.
144 Section 5. Effective date.
145 This act takes effect on July 1, 2003.
146 Section 6. Coordination clause.
147 If this bill and S.B. 151, Amendments Related to Information Technology, both pass, it
148 is the intent of the Legislature that the Office of Legislative Research and General Counsel in
149 preparing the Utah Code database for publication:
150 (1) treat this coordination clause as superseding the coordination clause in S.B. 151 to
151 the extent that the coordination clause in S.B. 151 refers to this bill;
152 (2) delete the phrase "a state agency" in Subsection 63D-1-402(2) in this bill and
153 replace it with "an executive branch agency"; and
154 (3) renumber Title 63D, Chapter 1, Part 4, as enacted in this bill to Title 63D, Chapter
155 1a, Part 4.
[Bill Documents][Bills Directory]