2
3
4
5
6
7 LONG TITLE
8 General Description:
9 This bill prohibits the dissemination of personal information without authorization.
10 Highlighted Provisions:
11 This bill:
12 ▸ prohibits the disclosure or dissemination of identifying information with the intent
13 or knowledge that the information will be further disseminated;
14 ▸ defines identifying information; and
15 ▸ provides that if the information is used to harass the person, it is a second degree
16 felony.
17 Money Appropriated in this Bill:
18 None
19 Other Special Clauses:
20 None
21 Utah Code Sections Affected:
22 AMENDS:
23 76-6-702, as last amended by Laws of Utah 2005, Chapter 72
24 76-6-703, as last amended by Laws of Utah 2010, Chapter 193
25
26 Be it enacted by the Legislature of the state of Utah:
27 Section 1. Section 76-6-702 is amended to read:
28 76-6-702. Definitions.
29 As used in this part:
30 (1) "Access" means to directly or indirectly use, attempt to use, instruct, communicate
31 with, cause input to, cause output from, or otherwise make use of any resources of a computer,
32 computer system, computer network, or any means of communication with any of them.
33 (2) "Authorization" means having the express or implied consent or permission of the
34 owner, or of the person authorized by the owner to give consent or permission to access a
35 computer, computer system, or computer network in a manner not exceeding the consent or
36 permission.
37 (3) "Computer" means any electronic device or communication facility that stores,
38 retrieves, processes, or transmits data.
39 [
40 (a) the interconnection of communication or telecommunication lines between:
41 (i) computers; or
42 (ii) computers and remote terminals; or
43 (b) the interconnection by wireless technology between:
44 (i) computers; or
45 (ii) computers and remote terminals.
46 [
47 data, information, financial instruments, software, or programs, in either machine or human
48 readable form, any other tangible or intangible item relating to a computer, computer system,
49 computer network, and copies of any of them.
50 [
51 software, or other related computer equipment.
52 (7) "Confidential" means data, text, or computer property that is protected by a security
53 system that clearly evidences that the owner or custodian intends that it not be available to
54 others without the owner's or custodian's permission.
55 [
56 deposit, letter of credit, bill of exchange, electronic fund transfer, automated clearing house
57 transaction, credit card, or marketable security.
58 (9) (a) "Identifying information" means a person's:
59 (i) social security number;
60 (ii) driver license number;
61 (iii) nondriver governmental identification number;
62 (iv) bank account number;
63 (v) student identification number;
64 (vi) credit or debit card number;
65 (vii) personal identification number;
66 (viii) unique biometric data;
67 (ix) employee or payroll number;
68 (x) automated or electronic signature; or
69 (xi) computer password.
70 (b) "Identifying information" does not include information that is lawfully available
71 from publicly available information, or from federal, state, or local government records
72 lawfully made available to the general public.
73 [
74 (a) through use of:
75 (i) an electronic product identification or tracking system; or
76 (ii) other technology used by a retailer to identify, track, or price goods; and
77 (b) by a retailer through the use of equipment designed to read the electronic product
78 identification or tracking system data located within the retailer's location.
79 [
80 (a) licenses, certificates, and permits granted by governments;
81 (b) degrees, diplomas, and grades awarded by educational institutions;
82 (c) military ranks, grades, decorations, and awards;
83 (d) membership and standing in organizations and religious institutions;
84 (e) certification as a peace officer;
85 (f) credit reports; and
86 (g) another record or datum upon which a person may be reasonably expected to rely in
87 making decisions that will have a direct benefit or detriment to another.
88 [
89 computer property that has some form of access control technology implemented, such as
90 encryption, password protection, other forced authentication, or access control designed to keep
91 out unauthorized persons.
92 [
93 [
94 form acceptable to a computer, relating to the operations of the computer, or permitting the
95 functioning of a computer system in a manner designed to provide results including system
96 control programs, application programs, or copies of any of them.
97 Section 2. Section 76-6-703 is amended to read:
98 76-6-703. Computer crimes and penalties.
99 (1) A person who without authorization gains or attempts to gain access to and alters,
100 damages, destroys, discloses, or modifies any computer, computer network, computer property,
101 computer system, computer program, computer data or software, and thereby causes damage to
102 another, or obtains money, property, information, or a benefit for any person without legal
103 right, is guilty of:
104 (a) a class B misdemeanor when:
105 (i) the damage caused or the value of the money, property, or benefit obtained or
106 sought to be obtained is less than $500; or
107 (ii) the information obtained is not confidential;
108 (b) a class A misdemeanor when the damage caused or the value of the money,
109 property, or benefit obtained or sought to be obtained is or exceeds $500 but is less than
110 $1,500;
111 (c) a third degree felony when the damage caused or the value of the money, property,
112 or benefit obtained or sought to be obtained is or exceeds $1,500 but is less than $5,000;
113 (d) a second degree felony when the damage caused or the value of the money,
114 property, or benefit obtained or sought to be obtained is or exceeds $5,000; or
115 (e) a third degree felony when:
116 (i) the property or benefit obtained or sought to be obtained is a license or entitlement;
117 (ii) the damage is to the license or entitlement of another person; [
118 (iii) the information obtained is confidential or identifying information; or
119 (iv) in gaining access the person breaches or breaks through a security system.
120 (2) (a) Except as provided in Subsection (2)(b), a person who intentionally or
121 knowingly and without authorization gains or attempts to gain access to a computer, computer
122 network, computer property, or computer system under circumstances not otherwise
123 constituting an offense under this section is guilty of a class B misdemeanor.
124 (b) Notwithstanding Subsection (2)(a), a retailer that uses an electronic product
125 identification or tracking system, or other technology to identify, track, or price goods is not
126 guilty of a violation of Subsection (2)(a) if the equipment designed to read the electronic
127 product identification or tracking system data and used by the retailer to identify, track, or price
128 goods is located within the retailer's location.
129 (3) (a) A person who, with intent that electronic communication harassment occur,
130 discloses or disseminates another person's identifying information with the expectation that
131 others will further disseminate or use the person's identifying information is subject to the
132 penalties outlined in Subsection (3)(b).
133 (b) If the disclosure or dissemination of another person's identifying information results
134 in electronic communication harassment, as described in Section 76-9-201, of the person
135 whose identifying information is disseminated, the person disseminating the information is
136 guilty of:
137 (i) a class B misdemeanor if the person whose identifying information is disseminated
138 is an adult; or
139 (ii) a class A misdemeanor if the person whose identifying information is disseminated
140 is a minor.
141 (c) A second offense under Subsection (3)(b)(i) is a class A misdemeanor.
142 (d) A second offense under Subsection (3)(b)(ii), and a third or subsequent offense
143 under this Subsection (3)(b), is a third degree felony.
144 [
145 computer network, computer property, or computer system, program, or software to devise or
146 execute any artifice or scheme to defraud or to obtain money, property, services, or other things
147 of value by false pretenses, promises, or representations, is guilty of an offense based on the
148 value of the money, property, services, or things of value, in the degree set forth in Subsection
149 76-10-1801(1).
150 [
151 with or interrupts computer services to another authorized to receive the services is guilty of a
152 class A misdemeanor.
153 [
154 access or attempted to obtain access in response to, and for the purpose of protecting against or
155 investigating, a prior attempted or successful breach of security of a computer, computer
156 network, computer property, computer system whose security the person is authorized or
157 entitled to protect, and the access attempted or obtained was no greater than reasonably
158 necessary for that purpose.
159 (7) Subsections (3)(a) and (b) do not apply to a person who provides information in
160 conjunction with a report under Title 34A, Chapter 6, Utah Occupational Safety and Health
161 Act, or Title 67, Chapter 21, Utah Protection of Public Employees Act.
162 (8) In accordance with 47 U.S.C.A. Sec. 230, this section may not apply to, and
163 nothing in this section may be construed to impose liability or culpability on, an interactive
164 computer service for content provided by another person.
165 (9) This section does not affect, limit, or apply to any activitiy or conduct that is
166 protected by the constitution or laws of this state or by the constitution or laws of the United
167 States.