Download Zipped Introduced WordPerfect HB0174S03.ZIP
[Status][Bill Documents][Fiscal Note][Bills Directory]
Third Substitute H.B. 174
1
2
3
4
5
6
7 LONG TITLE
8 General Description:
9 This bill makes changes to the Child Protection Registry disclosure provisions.
10 Highlighted Provisions:
11 This bill:
12 . defines terms;
13 . requires the Division of Consumer Protection to:
14 . compile and secure a list of domain names and contact points that are registered
15 under the Child Protection Registry;
16 . implement the Child Protection Registry with respect to domain names and
17 email addresses beginning on July, 1, 2005; and
18 . implement the Child Protection Registry with respect to a contact point, other
19 than an email address, when the Division of Consumer Protection has
20 determined that security of the registry is adequate and has reported the
21 division's intent to implement the registry with respect to a contact point to the
22 Public Utilities and Technology Interim Committee;
23 . describes the circumstances under which a person may register a contact point or a
24 domain name;
25 . grants rulemaking authority to the Division of Consumer Protection;
26 . amends the disclosure to registrants provision of the Child Protection Registry to
27 conform to the criminal penalty provisions of Section 13-39-301 ;
28 . requires that the Division of Consumer Protection or a third party that contracts with
29 the division to establish and secure the Child Protection Registry provide a
30 disclosure to a person who registers a contact point with the Child Protection
31 Registry;
32 . amends provisions related to the disclosure described previously;
33 . provides that a person who uses the registry before sending a communication shall
34 provide identifying information required by the division;
35 . provides that the contract with the third party that establishes and secures the Child
36 Protection Registry shall require that:
37 . the third party provide a statement to a person who seeks information regarding
38 the registry relating to establishing and registering a new email account; and
39 . if the security of the Child Protection Registry is compromised, notice shall be
40 given to each person who has registered on the Child Protection Registry, to the
41 Division of Consumer Protection, and to a person designated by the division, by
42 rule, that the security of the Child Protection Registry has been compromised;
43 . makes technical changes, including clarifying that the Division of Consumer
44 Protection shall administer and enforce the Child Protection Registry;
45 . addresses the release of information on the registry;
46 . makes it a crime to send certain communications to certain contact points if the
47 contact point or domain name have been listed on the Child Protection Registry for
48 more than 30 calendar days;
49 . makes it a crime to send, cause to be sent, or conspire with a third party to send,
50 certain communications to a contact point after improperly obtaining the contact
51 point from the Child Protection Registry;
52 . makes it a crime to improperly use, or transfer to a third party to use, information
53 from the registry;
54 . establishes criminal penalties and a civil cause of action for violating the criminal
55 provisions described previously; and
56 . establishes a defense to the crimes described in this bill.
57 Monies Appropriated in this Bill:
58 None
59 Other Special Clauses:
60 This bill takes effect on July 1, 2005.
61 Utah Code Sections Affected:
62 AMENDS:
63 13-2-1, as last amended by Chapter 222, Laws of Utah 2002
64 13-39-102 (Effective 07/01/05), as enacted by Chapter 338, Laws of Utah 2004
65 13-39-201 (Effective 07/01/05), as enacted by Chapter 338, Laws of Utah 2004
66 13-39-202 (Effective 07/01/05), as enacted by Chapter 338, Laws of Utah 2004
67 13-39-203 (Effective 07/01/05), as enacted by Chapter 338, Laws of Utah 2004
68 13-39-301 (Effective 07/01/05), as enacted by Chapter 338, Laws of Utah 2004
69 13-39-302 (Effective 07/01/05), as enacted by Chapter 338, Laws of Utah 2004
70 13-39-304 (Effective 07/01/05), as enacted by Chapter 338, Laws of Utah 2004
71 ENACTS:
72 13-39-204, Utah Code Annotated 1953
73
74 Be it enacted by the Legislature of the state of Utah:
75 Section 1. Section 13-2-1 is amended to read:
76 13-2-1. Consumer protection division established -- Functions.
77 (1) There is established within the Department of Commerce the Division of Consumer
78 Protection.
79 (2) The division shall administer and enforce the following:
80 (a) Chapter 5, Unfair Practices Act;
81 (b) Chapter 10a, Music Licensing Practices Act;
82 (c) Chapter 11, Utah Consumer Sales Practices Act;
83 (d) Chapter 15, Business Opportunity Disclosure Act;
84 (e) Chapter 20, New Motor Vehicles Warranties Act;
85 (f) Chapter 21, Credit Services Organizations Act;
86 (g) Chapter 22, Charitable Solicitations Act;
87 (h) Chapter 23, Health Spa Services Protection Act;
88 (i) Chapter 25a, Telephone and Facsimile Solicitation Act;
89 (j) Chapter 26, Telephone Fraud Prevention Act;
90 (k) Chapter 28, Prize Notices Regulation Act;
91 (l) Chapter 30, Utah Personal Introduction Services Protection Act; [
92 (m) Chapter 34, Utah Postsecondary Proprietary School Act[
93 (n) Chapter 39, Child Protection Registry.
94 Section 2. Section 13-39-102 (Effective 07/01/05) is amended to read:
95 13-39-102 (Effective 07/01/05). Definitions.
96 As used in this chapter:
97 (1) "Contact point" means an electronic identification to which a communication may
98 be sent, including:
99 (a) an email address; [
100 [
101 [
102 Subsection 13-39-203 (1);
103 [
104 [
105 [
106 [
107 [
108 13-39-203 (1).
109 (2) "Division" means the Division of Consumer Protection in the Department of
110 Commerce.
111 (3) "Domain name" means an alphanumeric designation that is registered with or
112 assigned by any domain name registrar, registry, or registration authority as part of an
113 electronic address on the internet.
114 [
115 13-39-201 .
116 Section 3. Section 13-39-201 (Effective 07/01/05) is amended to read:
117 13-39-201 (Effective 07/01/05). Establishment of child protection registry.
118 (1) [
119 (a) establish and operate a [
120 (i) compile and secure a list of domain names that the division has received for
121 registration under this section;
122 (ii) compile and secure a list of contact points that the division has received [
123
124 (iii) compile and secure a list of email addresses that the division has received for
125 registration under this section; or
126 (b) consistent with Subsection (6), contract with a third party to establish and secure
127 the registry described in Subsection (1)(a).
128 (2) (a) The division shall implement the registry described in this section with respect
129 to [
130 (b) [
131 registry described in this section with respect to [
132 after:
133 (i) the division has determined to the satisfaction of the division that the security of the
134 registry described in this section with respect to [
135 and
136 (ii) the division has reported to the Utah Technology Commission and the Public
137 Utilities and Technology Interim Committee the intention of the division to implement the
138 registry described in this section with respect to [
139 [
140
141
142 [
143
144 [
145
146
147
148 (c) The division shall implement the registry described in this section with respect to
149 email addresses beginning on July 1, 2005.
150 (3) A person may register a domain name with the division if:
151 (a) the person has majority ownership or control over the domain name;
152 (b) (i) the person is domiciled in Utah; or
153 (ii) the domain name is maintained using business operations in Utah;
154 (c) all contact points that use the domain name are assigned to residents of the state;
155 and
156 (d) the domain name primarily provides services to minors.
157 [
158 established by the division under [
159 (i) (A) the contact point belongs to a minor; or
160 [
161 (ii) the division has implemented the registry with respect to the type of contact point
162 that the person is seeking to register.
163 (b) A school or other institution that primarily serves minors may register its domain
164 name with the division pursuant to rules made by the division under Subsection 13-39-203 (1).
165 (c) The division or a third party described in Subsection (1)(b) shall provide a
166 disclosure to a person who registers a contact point under this section that [
167 following statement: "No solution is completely secure. The most effective way to protect
168 children on the Internet is to supervise use and review all email messages and other
169 correspondence prior to viewing by a child. Under law, theft or unauthorized use of a contact
170 point from the Child Protection Registry is a [
171 attempt will be made to secure the Child Protection Registry, registrants and their guardians
172 should be aware that their contact points may be at a greater risk of being misappropriated by
173 marketers or other persons who choose to disobey the law."
174 (d) The division:
175 (i) may require that additional statements, as specified by the division, be included in
176 the disclosure described in Subsection (4)(c);
177 (ii) shall require that a third party described in Subsection (1)(b) provide additional
178 information regarding internet safety and protection, as specified by the division, to a person
179 who registers a contact point under this section; and
180 (iii) shall establish by rule under Title 63, Chapter 46a, Utah Administrative
181 Rulemaking Act, information that shall be collected from a person registering a contact point or
182 domain name on the registry to enable the party that establishes and secures the registry to
183 comply with Subsection (6)(b).
184 [
185 13-39-202 (1) to a contact point or domain shall:
186 (a) use a mechanism established by rule made by the division under Subsection
187 13-39-203 (2); [
188 (b) pay a fee for use of the mechanism described in Subsection [
189 by the division in accordance with Section 63-38-3.2 [
190 (c) provide identifying information regarding the person, as required by the division.
191 (6) The contract described in Subsection (1)(b) shall require the third party that
192 establishes and secures the registry to:
193 (a) provide a statement to a person who seeks information regarding the registry:
194 (i) that the person may:
195 (A) open a new email account with an alternate email service provider; and
196 (B) register the new email account, instead of the person's primary email account, on
197 the registry;
198 (ii) suggesting that the person take the action described in Subsection (6)(a)(i); and
199 (iii) listing or providing links to email service providers that the division determines
200 satisfy criteria for protecting children; and
201 (b) if the security of the registry is compromised, provide notice of the security
202 compromise to:
203 (i) each person who has registered a contact point or domain name on the registry;
204 (ii) the division; and
205 (iii) any other person designated by the division by rule under Title 63, Chapter 46a,
206 Utah Administrative Rulemaking Act.
207 Section 4. Section 13-39-202 (Effective 07/01/05) is amended to read:
208 13-39-202 (Effective 07/01/05). Prohibition of sending certain materials to a
209 registered contact point.
210 (1) A person may not send, cause to be sent, or conspire with a third party to send a
211 communication to a contact point [
212 calendar days with the division under Section 13-39-201 or a contact point with an address that
213 contains a domain name that has been registered for more than 30 calendar days with the
214 division under Section 13-39-201 if the communication:
215 (a) advertises a product or service that a minor is prohibited by law from purchasing; or
216 (b) contains or advertises material that is harmful to minors, as defined in Section
217 76-10-1201 .
218 (2) The consent of a minor is not a defense to a violation of this section.
219 (3) An Internet service provider does not violate this section for solely transmitting a
220 message across the network of the Internet service provider.
221 Section 5. Section 13-39-203 (Effective 07/01/05) is amended to read:
222 13-39-203 (Effective 07/01/05). Rulemaking authority.
223 In accordance with Title 63, Chapter 46a, Utah Administrative Rulemaking Act, after
224 the division has implemented the registry with respect to a type of contact point under
225 Subsection 13-39-201 (2), the division shall make rules to establish procedures relating to that
226 type of contact point under which:
227 (1) (a) a person may register a contact point with the division under Section 13-39-201 ,
228 including:
229 (i) the information necessary to register an instant message identity; and
230 (ii) for purposes of Subsection 13-39-102 (1)[
231 similar to a contact point listed in Subsection 13-39-102 (1); and
232 (b) a school or other institution that primarily serves minors may register its domain
233 name with the division under Section 13-39-201 ; and
234 (2) the division shall:
235 (a) provide a mechanism under which a person described in Subsection
236 13-39-201 [
237 from the person's communications; and
238 (b) establish the mechanism described in Subsection (2)(a) in a manner that protects
239 the privacy and security of a contact point registered with the division under Section
240 13-39-201 .
241 Section 6. Section 13-39-204 is enacted to read:
242 13-39-204. Release of information on registry.
243 The information on the registry may not be released to any person except:
244 (1) as provided in this chapter; or
245 (2) under court order.
246 Section 7. Section 13-39-301 (Effective 07/01/05) is amended to read:
247 13-39-301 (Effective 07/01/05). Criminal penalty.
248 (1) A person who violates Section 13-39-202 commits a computer crime and:
249 (a) is guilty of a class B misdemeanor for a first offense [
250
251 (b) is guilty of a class A misdemeanor[
252
253 [
254
255 (2) A person commits a computer crime and is guilty of a second degree felony if the
256 person:
257 (a) uses information obtained from the division under this chapter to violate Section
258 13-39-202 ; or
259 (b) improperly:
260 (i) obtains contact points from the registry; [
261 (ii) attempts to obtain contact points from the registry; or
262 [
263
264 (3) A person commits a computer crime and is guilty of a second degree felony if the
265 person:
266 (a) improperly obtains a contact point from the registry; and
267 (b) after improperly obtaining the contact point described in Subsection (3)(a), sends,
268 causes to be sent, or conspires with a third party to send, to the contact point a communication
269 that contains or advertises material that is harmful to minors, as defined in Section 76-10-1201 .
270 [
271 from civil liability in an action under Section 13-39-302 .
272 [
273 offense under this section.
274 Section 8. Section 13-39-302 (Effective 07/01/05) is amended to read:
275 13-39-302 (Effective 07/01/05). Civil action for violation.
276 (1) For a violation of Section 13-39-202 , an action may be brought by:
277 [
278
279 (a) a person who receives a communication sent in violation of Section 13-39-202 ; or
280 (b) a legal guardian of a [
281 (2) In each action under Subsection (1):
282 (a) a person described in Subsection (1) may recover the greater of:
283 (i) actual damages; or
284 (ii) $1,000 for each communication sent in violation of Section 13-39-202 ; and
285 (b) the prevailing party shall be awarded costs and reasonable attorney fees.
286 Section 9. Section 13-39-304 (Effective 07/01/05) is amended to read:
287 13-39-304 (Effective 07/01/05). Defenses.
288 It is a defense to an action brought under this chapter that a person:
289 (1) reasonably relied on the [
290
291 (2) took reasonable measures to comply with this chapter.
292 Section 10. Effective date.
293 This bill takes effect on July 1, 2005.
[Bill Documents][Bills Directory]