Download Zipped Enrolled WordPerfect HB0141.ZIP
[Introduced][Status][Bill Documents][Fiscal Note] [Bills Directory]
H.B. 141 Enrolled
1
2
3
4
5
6
7
8 LONG TITLE
9 General Description:
10 This bill amends provisions and establishes an identify theft program and database in the
11 Office of the Attorney General.
12 Highlighted Provisions:
13 This bill:
14 . amends provisions in the Government Records Access and Management Act to
15 provide protected status to all information collected in relation to the Identity Theft
16 Reporting Information System established in the Office of the Attorney General;
17 . establishes the Identity Theft Reporting Information System (IRIS) program in the
18 Office of the Attorney General;
19 . states the purposes of the IRIS program;
20 . establishes a database to store information related to the reporting, investigation, and
21 resolution of identity theft reports filed under the IRIS program;
22 . provides requirements for the format, contents, and administration of the IRIS
23 database;
24 . provides that the Department of Technology Services shall maintain, administer, and
25 make rules in relation to use of the database, with the approval of the Office of the
26 Attorney General;
27 . provides criminal penalties for unlawful access or misuse of information in the IRIS
28 database; and
29 . makes technical amendments.
30 Monies Appropriated in this Bill:
31 None
32 Other Special Clauses:
33 This bill coordinates with H.B. 63, Recodification of Title 63 State Affairs in General,
34 by providing technical renumbering.
35 Utah Code Sections Affected:
36 AMENDS:
37 63-2-304, as last amended by Laws of Utah 2008, Chapter 3
38 67-5-22, as enacted by Laws of Utah 2007, Chapter 311
39
40 Be it enacted by the Legislature of the state of Utah:
41 Section 1. Section 63-2-304 is amended to read:
42 63-2-304. Protected records.
43 The following records are protected if properly classified by a governmental entity:
44 (1) trade secrets as defined in Section 13-24-2 if the person submitting the trade secret
45 has provided the governmental entity with the information specified in Section 63-2-308 ;
46 (2) commercial information or nonindividual financial information obtained from a
47 person if:
48 (a) disclosure of the information could reasonably be expected to result in unfair
49 competitive injury to the person submitting the information or would impair the ability of the
50 governmental entity to obtain necessary information in the future;
51 (b) the person submitting the information has a greater interest in prohibiting access
52 than the public in obtaining access; and
53 (c) the person submitting the information has provided the governmental entity with the
54 information specified in Section 63-2-308 ;
55 (3) commercial or financial information acquired or prepared by a governmental entity
56 to the extent that disclosure would lead to financial speculations in currencies, securities, or
57 commodities that will interfere with a planned transaction by the governmental entity or cause
58 substantial financial injury to the governmental entity or state economy;
59 (4) records the disclosure of which could cause commercial injury to, or confer a
60 competitive advantage upon a potential or actual competitor of, a commercial project entity as
61 defined in Subsection 11-13-103 (4);
62 (5) test questions and answers to be used in future license, certification, registration,
63 employment, or academic examinations;
64 (6) records the disclosure of which would impair governmental procurement
65 proceedings or give an unfair advantage to any person proposing to enter into a contract or
66 agreement with a governmental entity, except that this Subsection (6) does not restrict the right
67 of a person to see bids submitted to or by a governmental entity after bidding has closed;
68 (7) records that would identify real property or the appraisal or estimated value of real
69 or personal property, including intellectual property, under consideration for public acquisition
70 before any rights to the property are acquired unless:
71 (a) public interest in obtaining access to the information outweighs the governmental
72 entity's need to acquire the property on the best terms possible;
73 (b) the information has already been disclosed to persons not employed by or under a
74 duty of confidentiality to the entity;
75 (c) in the case of records that would identify property, potential sellers of the described
76 property have already learned of the governmental entity's plans to acquire the property;
77 (d) in the case of records that would identify the appraisal or estimated value of
78 property, the potential sellers have already learned of the governmental entity's estimated value
79 of the property; or
80 (e) the property under consideration for public acquisition is a single family residence
81 and the governmental entity seeking to acquire the property has initiated negotiations to acquire
82 the property as required under Section 78B-6-505 ;
83 (8) records prepared in contemplation of sale, exchange, lease, rental, or other
84 compensated transaction of real or personal property including intellectual property, which, if
85 disclosed prior to completion of the transaction, would reveal the appraisal or estimated value
86 of the subject property, unless:
87 (a) the public interest in access outweighs the interests in restricting access, including
88 the governmental entity's interest in maximizing the financial benefit of the transaction; or
89 (b) when prepared by or on behalf of a governmental entity, appraisals or estimates of
90 the value of the subject property have already been disclosed to persons not employed by or
91 under a duty of confidentiality to the entity;
92 (9) records created or maintained for civil, criminal, or administrative enforcement
93 purposes or audit purposes, or for discipline, licensing, certification, or registration purposes, if
94 release of the records:
95 (a) reasonably could be expected to interfere with investigations undertaken for
96 enforcement, discipline, licensing, certification, or registration purposes;
97 (b) reasonably could be expected to interfere with audits, disciplinary, or enforcement
98 proceedings;
99 (c) would create a danger of depriving a person of a right to a fair trial or impartial
100 hearing;
101 (d) reasonably could be expected to disclose the identity of a source who is not
102 generally known outside of government and, in the case of a record compiled in the course of an
103 investigation, disclose information furnished by a source not generally known outside of
104 government if disclosure would compromise the source; or
105 (e) reasonably could be expected to disclose investigative or audit techniques,
106 procedures, policies, or orders not generally known outside of government if disclosure would
107 interfere with enforcement or audit efforts;
108 (10) records the disclosure of which would jeopardize the life or safety of an individual;
109 (11) records the disclosure of which would jeopardize the security of governmental
110 property, governmental programs, or governmental recordkeeping systems from damage, theft,
111 or other appropriation or use contrary to law or public policy;
112 (12) records that, if disclosed, would jeopardize the security or safety of a correctional
113 facility, or records relating to incarceration, treatment, probation, or parole, that would interfere
114 with the control and supervision of an offender's incarceration, treatment, probation, or parole;
115 (13) records that, if disclosed, would reveal recommendations made to the Board of
116 Pardons and Parole by an employee of or contractor for the Department of Corrections, the
117 Board of Pardons and Parole, or the Department of Human Services that are based on the
118 employee's or contractor's supervision, diagnosis, or treatment of any person within the board's
119 jurisdiction;
120 (14) records and audit workpapers that identify audit, collection, and operational
121 procedures and methods used by the State Tax Commission, if disclosure would interfere with
122 audits or collections;
123 (15) records of a governmental audit agency relating to an ongoing or planned audit
124 until the final audit is released;
125 (16) records prepared by or on behalf of a governmental entity solely in anticipation of
126 litigation that are not available under the rules of discovery;
127 (17) records disclosing an attorney's work product, including the mental impressions or
128 legal theories of an attorney or other representative of a governmental entity concerning
129 litigation;
130 (18) records of communications between a governmental entity and an attorney
131 representing, retained, or employed by the governmental entity if the communications would be
132 privileged as provided in Section 78B-1-137 ;
133 (19) (a) (i) personal files of a state legislator, including personal correspondence to or
134 from a member of the Legislature; and
135 (ii) notwithstanding Subsection (19)(a)(i), correspondence that gives notice of
136 legislative action or policy may not be classified as protected under this section; and
137 (b) (i) an internal communication that is part of the deliberative process in connection
138 with the preparation of legislation between:
139 (A) members of a legislative body;
140 (B) a member of a legislative body and a member of the legislative body's staff; or
141 (C) members of a legislative body's staff; and
142 (ii) notwithstanding Subsection (19)(b)(i), a communication that gives notice of
143 legislative action or policy may not be classified as protected under this section;
144 (20) (a) records in the custody or control of the Office of Legislative Research and
145 General Counsel, that, if disclosed, would reveal a particular legislator's contemplated
146 legislation or contemplated course of action before the legislator has elected to support the
147 legislation or course of action, or made the legislation or course of action public; and
148 (b) notwithstanding Subsection (20)(a), the form to request legislation submitted to the
149 Office of Legislative Research and General Counsel is a public document unless a legislator asks
150 that the records requesting the legislation be maintained as protected records until such time as
151 the legislator elects to make the legislation or course of action public;
152 (21) research requests from legislators to the Office of Legislative Research and
153 General Counsel or the Office of the Legislative Fiscal Analyst and research findings prepared in
154 response to these requests;
155 (22) drafts, unless otherwise classified as public;
156 (23) records concerning a governmental entity's strategy about collective bargaining or
157 pending litigation;
158 (24) records of investigations of loss occurrences and analyses of loss occurrences that
159 may be covered by the Risk Management Fund, the Employers' Reinsurance Fund, the
160 Uninsured Employers' Fund, or similar divisions in other governmental entities;
161 (25) records, other than personnel evaluations, that contain a personal recommendation
162 concerning an individual if disclosure would constitute a clearly unwarranted invasion of
163 personal privacy, or disclosure is not in the public interest;
164 (26) records that reveal the location of historic, prehistoric, paleontological, or
165 biological resources that if known would jeopardize the security of those resources or of
166 valuable historic, scientific, educational, or cultural information;
167 (27) records of independent state agencies if the disclosure of the records would
168 conflict with the fiduciary obligations of the agency;
169 (28) records of an institution within the state system of higher education defined in
170 Section 53B-1-102 regarding tenure evaluations, appointments, applications for admissions,
171 retention decisions, and promotions, which could be properly discussed in a meeting closed in
172 accordance with Title 52, Chapter 4, Open and Public Meetings Act, provided that records of
173 the final decisions about tenure, appointments, retention, promotions, or those students
174 admitted, may not be classified as protected under this section;
175 (29) records of the governor's office, including budget recommendations, legislative
176 proposals, and policy statements, that if disclosed would reveal the governor's contemplated
177 policies or contemplated courses of action before the governor has implemented or rejected
178 those policies or courses of action or made them public;
179 (30) records of the Office of the Legislative Fiscal Analyst relating to budget analysis,
180 revenue estimates, and fiscal notes of proposed legislation before issuance of the final
181 recommendations in these areas;
182 (31) records provided by the United States or by a government entity outside the state
183 that are given to the governmental entity with a requirement that they be managed as protected
184 records if the providing entity certifies that the record would not be subject to public disclosure
185 if retained by it;
186 (32) transcripts, minutes, or reports of the closed portion of a meeting of a public body
187 except as provided in Section 52-4-206 ;
188 (33) records that would reveal the contents of settlement negotiations but not including
189 final settlements or empirical data to the extent that they are not otherwise exempt from
190 disclosure;
191 (34) memoranda prepared by staff and used in the decision-making process by an
192 administrative law judge, a member of the Board of Pardons and Parole, or a member of any
193 other body charged by law with performing a quasi-judicial function;
194 (35) records that would reveal negotiations regarding assistance or incentives offered
195 by or requested from a governmental entity for the purpose of encouraging a person to expand
196 or locate a business in Utah, but only if disclosure would result in actual economic harm to the
197 person or place the governmental entity at a competitive disadvantage, but this section may not
198 be used to restrict access to a record evidencing a final contract;
199 (36) materials to which access must be limited for purposes of securing or maintaining
200 the governmental entity's proprietary protection of intellectual property rights including patents,
201 copyrights, and trade secrets;
202 (37) the name of a donor or a prospective donor to a governmental entity, including an
203 institution within the state system of higher education defined in Section 53B-1-102 , and other
204 information concerning the donation that could reasonably be expected to reveal the identity of
205 the donor, provided that:
206 (a) the donor requests anonymity in writing;
207 (b) any terms, conditions, restrictions, or privileges relating to the donation may not be
208 classified protected by the governmental entity under this Subsection (37); and
209 (c) except for an institution within the state system of higher education defined in
210 Section 53B-1-102 , the governmental unit to which the donation is made is primarily engaged in
211 educational, charitable, or artistic endeavors, and has no regulatory or legislative authority over
212 the donor, a member of the donor's immediate family, or any entity owned or controlled by the
213 donor or the donor's immediate family;
214 (38) accident reports, except as provided in Sections 41-6a-404 , 41-12a-202 , and
215 73-18-13 ;
216 (39) a notification of workers' compensation insurance coverage described in Section
217 34A-2-205 ;
218 (40) (a) the following records of an institution within the state system of higher
219 education defined in Section 53B-1-102 , which have been developed, discovered, disclosed to,
220 or received by or on behalf of faculty, staff, employees, or students of the institution:
221 (i) unpublished lecture notes;
222 (ii) unpublished notes, data, and information:
223 (A) relating to research; and
224 (B) of:
225 (I) the institution within the state system of higher education defined in Section
226 53B-1-102 ; or
227 (II) a sponsor of sponsored research;
228 (iii) unpublished manuscripts;
229 (iv) creative works in process;
230 (v) scholarly correspondence; and
231 (vi) confidential information contained in research proposals;
232 (b) Subsection (40)(a) may not be construed to prohibit disclosure of public information
233 required pursuant to Subsection 53B-16-302 (2)(a) or (b); and
234 (c) Subsection (40)(a) may not be construed to affect the ownership of a record;
235 (41) (a) records in the custody or control of the Office of Legislative Auditor General
236 that would reveal the name of a particular legislator who requests a legislative audit prior to the
237 date that audit is completed and made public; and
238 (b) notwithstanding Subsection (41)(a), a request for a legislative audit submitted to the
239 Office of the Legislative Auditor General is a public document unless the legislator asks that the
240 records in the custody or control of the Office of Legislative Auditor General that would reveal
241 the name of a particular legislator who requests a legislative audit be maintained as protected
242 records until the audit is completed and made public;
243 (42) records that provide detail as to the location of an explosive, including a map or
244 other document that indicates the location of:
245 (a) a production facility; or
246 (b) a magazine;
247 (43) information [
248 (a) contained in the statewide database of the Division of Aging and Adult Services
249 created by Section 62A-3-311.1 ; or
250 (b) received or maintained in relation to the Identity Theft Reporting Information
251 System (IRIS) established under Section 67-5-22 ;
252 (44) information contained in the Management Information System and Licensing
253 Information System described in Title 62A, Chapter 4a, Child and Family Services;
254 (45) information regarding National Guard operations or activities in support of the
255 National Guard's federal mission;
256 (46) records provided by any pawn or secondhand business to a law enforcement
257 agency or to the central database in compliance with Title 13, Chapter 32a, Pawnshop and
258 Secondhand Merchandise Transaction Information Act;
259 (47) information regarding food security, risk, and vulnerability assessments performed
260 by the Department of Agriculture and Food;
261 (48) except to the extent that the record is exempt from this chapter pursuant to
262 Section 63-2-106 , records related to an emergency plan or program prepared or maintained by
263 the Division of Homeland Security the disclosure of which would jeopardize:
264 (a) the safety of the general public; or
265 (b) the security of:
266 (i) governmental property;
267 (ii) governmental programs; or
268 (iii) the property of a private person who provides the Division of Homeland Security
269 information;
270 (49) records of the Department of Agriculture and Food relating to the National Animal
271 Identification System or any other program that provides for the identification, tracing, or
272 control of livestock diseases, including any program established under Title 4, Chapter 24, Utah
273 Livestock Brand and Anti-theft Act or Title 4, Chapter 31, Livestock Inspection and
274 Quarantine;
275 (50) as provided in Section 26-39-109 :
276 (a) information or records held by the Department of Health related to a complaint
277 regarding a child care program or residential child care which the department is unable to
278 substantiate; and
279 (b) information or records related to a complaint received by the Department of Health
280 from an anonymous complainant regarding a child care program or residential child care; and
281 (51) unless otherwise classified as public under Section 63-2-301 and except as
282 provided under Section 41-1a-116 , an individual's home address, home telephone number, or
283 personal mobile phone number, if:
284 (a) the individual is required to provide the information in order to comply with a law,
285 ordinance, rule, or order of a government entity; and
286 (b) the subject of the record has a reasonable expectation that this information will be
287 kept confidential due to:
288 (i) the nature of the law, ordinance, rule, or order; and
289 (ii) the individual complying with the law, ordinance, rule, or order.
290 Section 2. Section 67-5-22 is amended to read:
291 67-5-22. Identity theft reporting information system -- Internet website and
292 database -- Access -- Maintenance and rulemaking -- Criminal provisions.
293 [
294 (1) There is created within the Office of the Attorney General the Identity Theft
295 Reporting Information System (IRIS) Program to establish a database and Internet website to:
296 (a) allow persons in the state to submit reports of identity theft;
297 (b) assist the Office of the Attorney General in notifying state and local law
298 enforcement agencies of reports of identity theft;
299 (c) provide assistance and resources to victims of identity theft;
300 (d) provide a centralized location where information related to incidents of identity theft
301 may be securely stored and accessed for the benefit of victims of identity theft; and
302 (e) provide public education and information relating to identity theft.
303 (2) (a) The Internet website shall be maintained by the Office of the Attorney General
304 and shall be made available to the public and to victims of identity-related crimes.
305 [
306 (i) allow a victim of an identity-related crime to report the crime on the website and
307 have the victim's report routed to the appropriate law enforcement agency for the jurisdiction in
308 which the crime occurred[
309 (ii) provide public education and information relating to identity theft.
310 [
311
312 according to the procedures of Subsection (4).
313 (3) (a) The Department of Technology Services shall administer and maintain the
314 database established under this section in an electronic file or other format as established by the
315 department.
316 (b) (i) The database shall be maintained for the purpose of identifying victims of identity
317 theft who have filed a report with the program established under this section, and may contain
318 the personally identifiable information for each victim, which may include the following
319 information related to an incident of identify theft:
320 (A) the victim's name, address, email addresses, and telephone numbers;
321 (B) the victim's Social Security number and other identifying information;
322 (C) the victim's financial institution information, account numbers, and transaction
323 information;
324 (D) the victim's benefit information;
325 (E) the victim's credit account information;
326 (F) the victim's loan information;
327 (G) the victim's employment information;
328 (H) the victim's Internal Revenue Service or tax information;
329 (I) the victim's utility service information;
330 (J) information concerning legal matters or collections related to the incident;
331 (K) information concerning unauthorized or illegal transactions, denied credit, stolen
332 identification, and all other unauthorized actions related to the identity theft; and
333 (L) any other information related to the incident of identity theft that the victim or the
334 Office of the Attorney General elects to include in the database.
335 (ii) The database shall record and maintain:
336 (A) identification information for each person who requests or receives information
337 from the database;
338 (B) a record of the information that is requested or received by each person who
339 requests or receives information from the database; and
340 (C) a record of the date and time that any information is requested or provided from the
341 database.
342 (c) Information in the database is considered to be the property of the Office of the
343 Attorney General, and retains any classification given it under Title 63, Chapter 2, Government
344 Records Access and Management Act.
345 (4) The Department of Technology Services, with the approval of the Office of the
346 Attorney General, may make rules to:
347 (a) permit the following persons to have access to the database:
348 (i) federal, state, and local law enforcement authorities, provided that the authority is
349 acting within a specified duty of the authority's employment in enforcing laws;
350 (ii) participating merchants and financial institutions, provided that the merchant or
351 institution has entered into an access agreement with the Office of the Attorney General; and
352 (iii) other persons, to be established by rule, provided that the person's access to the
353 information is necessary and reasonable to accomplish the purposes of the program as provided
354 in Subsection (1);
355 (b) define and enforce limitations on access to information via the Internet website or in
356 the database; and
357 (c) establish standards and procedures to ensure accurate identification of individuals
358 that are requesting or receiving information from the Internet website or the database.
359 (5) (a) In addition to the penalties provided under Title 63, Chapter 2, Government
360 Records Access and Management Act, a person may not knowingly and intentionally release or
361 disclose information from the database in violation of the limitations provided under Subsection
362 (4)(a).
363 (b) A violation of Subsection (5)(a) is a third degree felony.
364 (6) (a) A person may not obtain or attempt to obtain information from the database by
365 misrepresentation or fraud.
366 (b) A violation of Subsection (6)(a) is a third degree felony.
367 (7) (a) A person may not knowingly and intentionally use, release, publish, or otherwise
368 make available to any other person or entity any information obtained from the database for any
369 purpose other than those specified under Subsection (4)(a).
370 (b) Each separate violation of Subsection (7)(a) is a third degree felony.
371 Section 3. Coordinating H.B. 141 with H.B. 63 -- Technical renumbering.
372 If this H.B. 141 and H.B. 63, Recodification of Title 63 State Affairs in General, both
373 pass, it is the intent of the Legislature that the Office of Legislative Research and General
374 Counsel, in preparing the Utah Code database for publication:
375 (1) renumber Section 63-2-304 to 63G-2-305 ; and
376 (2) change all internal references to Title 63, Chapter 2 to Title 63G, Chapter 2.
[Bill Documents][Bills Directory]