! The Capitol Complex is closed to the public due to COVID-19. All meetings will be held virtually online. View procedures and guidelines (PDF) for remote public comment and virtual meeting instructions (PDF).

Download Zipped Enrolled WordPerfect HB0025.ZIP
[Introduced][Amended][Status][Bill Documents][Fiscal Note][Bills Directory]

H.B. 25 Enrolled

                 

GOVERNMENTAL INTERNET INFORMATION

                 
PRIVACY ACT

                 
2004 GENERAL SESSION

                 
STATE OF UTAH

                 
Sponsor: Wayne A. Harper

                 
                  LONG TITLE
                  General Description:
                      This bill modifies the Information Technology Act to enact the Governmental Internet
                  Information Privacy Act.
                  Highlighted Provisions:
                      This bill:
                      .    enacts provisions governing privacy policies and the collection of personally
                  identifiable information by a governmental entity; and
                      .    enacts provisions regulating the posting of personally identifiable information on a
                  court website.
                  Monies Appropriated in this Bill:
                      None
                  Other Special Clauses:
                      None
                  Utah Code Sections Affected:
                  ENACTS:
                      63D-2-101, Utah Code Annotated 1953
                      63D-2-102, Utah Code Annotated 1953
                      63D-2-103, Utah Code Annotated 1953
                      63D-2-104, Utah Code Annotated 1953
                 
                  Be it enacted by the Legislature of the state of Utah:
                      Section 1. Section 63D-2-101 is enacted to read:


                 
CHAPTER 2. GOVERNMENTAL INTERNET INFORMATION PRIVACY ACT

                      63D-2-101. Title.
                      This chapter is known as the "Governmental Internet Information Privacy Act."
                      Section 2. Section 63D-2-102 is enacted to read:
                      63D-2-102. Definitions.
                      As used in this chapter:
                      (1) (a) "Collect" means the gathering of personally identifiable information:
                      (i) from a user of a governmental website; or
                      (ii) about a user of the governmental website.
                      (b) "Collect" includes use of any identifying code linked to a user of a governmental
                  website.
                      (2) "Court website" means a website on the Internet that is operated by or on behalf of
                  any court created in Title 78, Judicial Code.
                      (3) "Governmental entity" means:
                      (a) an executive branch agency as defined in Section 63D-1a-102 ;
                      (b) the legislative branch;
                      (c) the judicial branch;
                      (d) the State Board of Education;
                      (e) the Board of Regents;
                      (f) an institution of higher education; and
                      (g) a political subdivision of the state:
                      (i) as defined in Section 17B-2-101 ; and
                      (ii) including a school district.
                      (4) (a) "Governmental website" means a website on the Internet that is operated by or on
                  behalf of a governmental entity.
                      (b) "Governmental website" includes a court website.
                      (5) "Governmental website operator" means a governmental entity or person acting on
                  behalf of the governmental entity that:

- 2 -


                      (a) operates a governmental website; and
                      (b) collects or maintains personally identifiable information from or about a user of that
                  website.
                      (6) "Personally identifiable information" means information that identifies:
                      (a) a user by:
                      (i) name;
                      (ii) account number;
                      (iii) physical address;
                      (iv) email address;
                      (v) telephone number;
                      (vi) Social Security number;
                      (vii) credit card information; or
                      (viii) bank account information;
                      (b) a user as having requested or obtained specific materials or services from a
                  governmental website;
                      (c) Internet sites visited by a user; or
                      (d) any of the contents of a user's data-storage device.
                      (7) "User" means a person who accesses a governmental website.
                      Section 3. Section 63D-2-103 is enacted to read:
                      63D-2-103. Collection of personally identifiable information.
                      (1) A governmental entity may not collect personally identifiable information related to a
                  user of the governmental entity's governmental website unless the governmental entity has taken
                  reasonable steps to ensure that on the day on which the personally identifiable information is
                  collected the governmental entity's governmental website complies with Subsection (2).
                      (2) A governmental website shall contain a privacy policy statement that discloses:
                      (a) (i) the identity of the governmental website operator; and
                      (ii) how the governmental website operator may be contacted:
                      (A) by telephone; or

- 3 -


                      (B) electronically;
                      (b) the personally identifiable information collected by the governmental entity;
                      (c) a summary of how the personally identifiable information is used by:
                      (i) the governmental entity; or
                      (ii) the governmental website operator;
                      (d) the practices of the following related to disclosure of personally identifiable
                  information collected:
                      (i) the governmental entity; or
                      (ii) the governmental website operator;
                      (e) the procedures, if any, by which a user of a governmental entity may request:
                      (i) access to the user's personally identifiable information; and
                      (ii) access to correct the user's personally identifiable information; and
                      (f) without compromising the integrity of the security measures, a general description of
                  the security measures in place to protect a user's personally identifiable information from
                  unintended disclosure.
                      (3) (a) Personally identifiable information is not a classification of records under Title 63,
                  Chapter 2, Government Records Access and Management Act.
                      (b) Access to government records is governed by Title 63, Chapter 2, Government
                  Records Access and Management Act.
                      Section 4. Section 63D-2-104 is enacted to read:
                      63D-2-104. Posting certain information on a court website.
                      (1) Except as provided in Subsections (2) and (3), a court website:
                      (a) may not display personally identifiable information; and
                      (b) shall contain a conspicuous notice that includes a list of documents routinely posted
                  on the court website.
                      (2) This section does not prohibit access to any original document as provided by law.
                      (3) This section does not apply to:
                      (a) the Registry of Judgments created in Section 78-22-1.5 , if the Registry of Judgments

- 4 -


                  complies with Subsection (3)(b);
                      (b) remote access to a document through a network or system that:
                      (i) is secure; and
                      (ii) provides restricted access through security standards developed by the court,
                  including a registration requirement under which a prospective user must provide the prospective
                  user's:
                      (A) identity;
                      (B) business or residence address; and
                      (C) citizenship status;
                      (c) postings related to legitimate law enforcement purposes;
                      (d) postings of documents filed or recorded more than 100 years prior to the posting;
                      (e) postings of:
                      (i) historical information;
                      (ii) genealogical information;
                      (iii) interpretive information about historic persons and events; or
                      (iv) educational information about historic persons and events; or
                      (f) postings of information instructing a user how to contact a website operator,
                  employee, or other representative of the court.

- 5 -


[Bill Documents][Bills Directory]