S.B. 232 Minor Data Protection Amendments
| Bill Sponsor:  Sen. Winterton, Ronald M. |
- Drafting Attorney: Tyler Moore
- Fiscal Analyst: Rachelle Gunderson
- Bill Text
- Introduced
(Currently Displayed)
- Introduced
- Related Documents
- Information
- Last Action: 1 Mar 2024, Senate/ filed
- Last Location: Senate file for bills not passed
Introduced
Printer FriendlyS.B. 232
1 MINOR DATA PROTECTION AMENDMENTS
22024 GENERAL SESSION
3STATE OF UTAH
4Chief Sponsor: Ronald M. Winterton
5House Sponsor: ____________
6
7 LONG TITLE
8 General Description:
9 This bill modifies the Protection of Personal Information Act.
10 Highlighted Provisions:
11 This bill:
12 ▸ defines terms;
13 ▸ creates a standard for how the personal information of a minor is maintained;
14 ▸ creates a standard for how the personal information of a minor is destroyed; and
15 ▸ makes technical changes.
16 Money Appropriated in this Bill:
17 None
18 Other Special Clauses:
19 None
20 Utah Code Sections Affected:
21 AMENDS:
22 13-44-201, as last amended by Laws of Utah 2019, Chapter 348
23
24 Be it enacted by the Legislature of the state of Utah:
25 Section 1. Section 13-44-201 is amended to read:
26 13-44-201. Protection of personal information.
27 (1) As used in this section:
28 (a) "Endpoint detection and response" means the same as that term is defined in
29 Section 63A-16-214.
30 (b) "Multi-factor authentication" means the same as that term is defined in Section
31 63A-16-214.
32 (c) "Personal information" means the same as that term is defined in Section
33 13-44-102.
34 (d) "Zero trust architecture" means the same as that term is defined in Section
35 63A-16-214.
36 (2) [Any] A person who conducts business in the state and maintains personal
37 information shall implement and maintain reasonable procedures to:
38 (a) prevent unlawful use or disclosure of personal information collected or maintained
39 in the regular course of business; and
40 (b) destroy, or arrange for the destruction of, records containing personal information
41 that are not to be retained by the person.
42 (3) A person who conducts business or offers services in the state, including
43 educational services or healthcare, that collects or maintains the personal information of a
44 minor, shall implement and maintain reasonable procedures to:
45 (a) prevent unlawful use or disclosure of a minor's personal information collected or
46 maintained in the regular course of business, including:
47 (i) endpoint detection and response;
48 (ii) multi-factor authentication; and
49 (iii) zero trust architecture; and
50 (b) destroy, or arrange for the destruction of, records containing a minor's personal
51 information that will not be retained by the person.
52 [(2)] (4) The destruction of records under [Subsection (1)(b)] Subsections (2)(b) and
53 (3)(b) shall be by:
54 (a) shredding;
55 (b) erasing; or
56 (c) otherwise modifying the personal information to make the information
57 indecipherable.
58 Section 2. Effective date.
59 This bill takes effect on May 1, 2024.
2
3
4
5
6
7 LONG TITLE
8 General Description:
9 This bill modifies the Protection of Personal Information Act.
10 Highlighted Provisions:
11 This bill:
12 ▸ defines terms;
13 ▸ creates a standard for how the personal information of a minor is maintained;
14 ▸ creates a standard for how the personal information of a minor is destroyed; and
15 ▸ makes technical changes.
16 Money Appropriated in this Bill:
17 None
18 Other Special Clauses:
19 None
20 Utah Code Sections Affected:
21 AMENDS:
22 13-44-201, as last amended by Laws of Utah 2019, Chapter 348
23
24 Be it enacted by the Legislature of the state of Utah:
25 Section 1. Section 13-44-201 is amended to read:
26 13-44-201. Protection of personal information.
27 (1) As used in this section:
28 (a) "Endpoint detection and response" means the same as that term is defined in
29 Section 63A-16-214.
30 (b) "Multi-factor authentication" means the same as that term is defined in Section
31 63A-16-214.
32 (c) "Personal information" means the same as that term is defined in Section
33 13-44-102.
34 (d) "Zero trust architecture" means the same as that term is defined in Section
35 63A-16-214.
36 (2) [
37 information shall implement and maintain reasonable procedures to:
38 (a) prevent unlawful use or disclosure of personal information collected or maintained
39 in the regular course of business; and
40 (b) destroy, or arrange for the destruction of, records containing personal information
41 that are not to be retained by the person.
42 (3) A person who conducts business or offers services in the state, including
43 educational services or healthcare, that collects or maintains the personal information of a
44 minor, shall implement and maintain reasonable procedures to:
45 (a) prevent unlawful use or disclosure of a minor's personal information collected or
46 maintained in the regular course of business, including:
47 (i) endpoint detection and response;
48 (ii) multi-factor authentication; and
49 (iii) zero trust architecture; and
50 (b) destroy, or arrange for the destruction of, records containing a minor's personal
51 information that will not be retained by the person.
52 [
53 (3)(b) shall be by:
54 (a) shredding;
55 (b) erasing; or
56 (c) otherwise modifying the personal information to make the information
57 indecipherable.
58 Section 2. Effective date.
59 This bill takes effect on May 1, 2024.
Bill Status / Votes
• Senate Actions • House Actions • Fiscal Actions • Other Actions
| Date | Action | Location | Vote |
| 2/12/2024 | Bill Numbered but not Distributed | Legislative Research and General Counsel | |
| 2/12/2024 | Numbered Bill Publicly Distributed | Legislative Research and General Counsel | |
| 2/12/2024 | LFA/ bill sent to agencies for fiscal input | Legislative Research and General Counsel | |
| 2/12/2024 | Senate/ received bill from Legislative Research | Waiting for Introduction in the Senate | |
| 2/12/2024 | Senate/ 1st reading (Introduced) | Senate Rules Committee | |
| 2/13/2024 | Senate/ to standing committee | Senate Transportation, Public Utilities, Energy, and Technology Committee | |
| 2/14/2024 | LFA/ fiscal note sent to sponsor | Senate Transportation, Public Utilities, Energy, and Technology Committee | |
| 2/15/2024 | Senate Comm - Favorable Recommendation | Senate Transportation, Public Utilities, Energy, and Technology Committee | 3 0 4 |
| 2/15/2024 | LFA/ fiscal note publicly available | Senate Transportation, Public Utilities, Energy, and Technology Committee | |
| 2/15/2024 | Senate/ received fiscal note from Fiscal Analyst | Senate Transportation, Public Utilities, Energy, and Technology Committee | |
| 2/15/2024 (2:43:19 PM) | Senate/ committee report favorable | Senate Transportation, Public Utilities, Energy, and Technology Committee | |
| 2/15/2024 (2:43:20 PM) | Senate/ placed on 2nd Reading Calendar | Senate 2nd Reading Calendar | |
| 2/16/2024 (4:32:59 PM) | Senate/ 2nd reading | Senate 2nd Reading Calendar | |
| 2/16/2024 (4:33:07 PM) | Senate/ circled | Senate 2nd Reading Calendar | Voice vote |
| 2/28/2024 | Senate/ 2nd Reading Calendar to Rules | Senate Rules Committee | |
| 3/1/2024 | Senate/ strike enacting clause | Senate Secretary | |
| 3/1/2024 | Senate/ filed | Senate file for bills not passed |
Committee Hearings/Floor Debate
- Committee Hearings