Download Zipped Enrolled WordPerfect HB0025.ZIP
[Introduced][Amended][Status][Bill Documents][Fiscal Note][Bills Directory]
H.B. 25 Enrolled
LONG TITLE
General Description:
This bill modifies the Information Technology Act to enact the Governmental Internet
Information Privacy Act.
Highlighted Provisions:
This bill:
. enacts provisions governing privacy policies and the collection of personally
identifiable information by a governmental entity; and
. enacts provisions regulating the posting of personally identifiable information on a
court website.
Monies Appropriated in this Bill:
None
Other Special Clauses:
None
Utah Code Sections Affected:
ENACTS:
63D-2-101, Utah Code Annotated 1953
63D-2-102, Utah Code Annotated 1953
63D-2-103, Utah Code Annotated 1953
63D-2-104, Utah Code Annotated 1953
Be it enacted by the Legislature of the state of Utah:
Section 1. Section 63D-2-101 is enacted to read:
63D-2-101. Title.
This chapter is known as the "Governmental Internet Information Privacy Act."
Section 2. Section 63D-2-102 is enacted to read:
63D-2-102. Definitions.
As used in this chapter:
(1) (a) "Collect" means the gathering of personally identifiable information:
(i) from a user of a governmental website; or
(ii) about a user of the governmental website.
(b) "Collect" includes use of any identifying code linked to a user of a governmental
website.
(2) "Court website" means a website on the Internet that is operated by or on behalf of
any court created in Title 78, Judicial Code.
(3) "Governmental entity" means:
(a) an executive branch agency as defined in Section 63D-1a-102 ;
(b) the legislative branch;
(c) the judicial branch;
(d) the State Board of Education;
(e) the Board of Regents;
(f) an institution of higher education; and
(g) a political subdivision of the state:
(i) as defined in Section 17B-2-101 ; and
(ii) including a school district.
(4) (a) "Governmental website" means a website on the Internet that is operated by or on
behalf of a governmental entity.
(b) "Governmental website" includes a court website.
(5) "Governmental website operator" means a governmental entity or person acting on
behalf of the governmental entity that:
(a) operates a governmental website; and
(b) collects or maintains personally identifiable information from or about a user of that
website.
(6) "Personally identifiable information" means information that identifies:
(a) a user by:
(i) name;
(ii) account number;
(iii) physical address;
(iv) email address;
(v) telephone number;
(vi) Social Security number;
(vii) credit card information; or
(viii) bank account information;
(b) a user as having requested or obtained specific materials or services from a
governmental website;
(c) Internet sites visited by a user; or
(d) any of the contents of a user's data-storage device.
(7) "User" means a person who accesses a governmental website.
Section 3. Section 63D-2-103 is enacted to read:
63D-2-103. Collection of personally identifiable information.
(1) A governmental entity may not collect personally identifiable information related to a
user of the governmental entity's governmental website unless the governmental entity has taken
reasonable steps to ensure that on the day on which the personally identifiable information is
collected the governmental entity's governmental website complies with Subsection (2).
(2) A governmental website shall contain a privacy policy statement that discloses:
(a) (i) the identity of the governmental website operator; and
(ii) how the governmental website operator may be contacted:
(A) by telephone; or
(B) electronically;
(b) the personally identifiable information collected by the governmental entity;
(c) a summary of how the personally identifiable information is used by:
(i) the governmental entity; or
(ii) the governmental website operator;
(d) the practices of the following related to disclosure of personally identifiable
information collected:
(i) the governmental entity; or
(ii) the governmental website operator;
(e) the procedures, if any, by which a user of a governmental entity may request:
(i) access to the user's personally identifiable information; and
(ii) access to correct the user's personally identifiable information; and
(f) without compromising the integrity of the security measures, a general description of
the security measures in place to protect a user's personally identifiable information from
unintended disclosure.
(3) (a) Personally identifiable information is not a classification of records under Title 63,
Chapter 2, Government Records Access and Management Act.
(b) Access to government records is governed by Title 63, Chapter 2, Government
Records Access and Management Act.
Section 4. Section 63D-2-104 is enacted to read:
63D-2-104. Posting certain information on a court website.
(1) Except as provided in Subsections (2) and (3), a court website:
(a) may not display personally identifiable information; and
(b) shall contain a conspicuous notice that includes a list of documents routinely posted
on the court website.
(2) This section does not prohibit access to any original document as provided by law.
(3) This section does not apply to:
(a) the Registry of Judgments created in Section 78-22-1.5 , if the Registry of Judgments
complies with Subsection (3)(b);
(b) remote access to a document through a network or system that:
(i) is secure; and
(ii) provides restricted access through security standards developed by the court,
including a registration requirement under which a prospective user must provide the prospective
user's:
(A) identity;
(B) business or residence address; and
(C) citizenship status;
(c) postings related to legitimate law enforcement purposes;
(d) postings of documents filed or recorded more than 100 years prior to the posting;
(e) postings of:
(i) historical information;
(ii) genealogical information;
(iii) interpretive information about historic persons and events; or
(iv) educational information about historic persons and events; or
(f) postings of information instructing a user how to contact a website operator,
employee, or other representative of the court.
[Bill Documents][Bills Directory]