This bill amends the Government Data Privacy Act and the Government Records Access and Management Act.
This bill:
- defines terms;
- requires governmental entities to obtain authorization from their elected legislative body before implementing high-risk surveillance activities;
- requires approved surveillance activities to be included in annual reports;
- restructures the Utah Privacy Commission to include representatives from state agencies, cities, counties, public education, and higher education;
- transfers support of the Utah Privacy Commission from the state auditor's office to the Office of Data Privacy;
- authorizes the commission to establish participation requirements for commission members;
- authorizes the Office of Data Privacy to provide recommendations and guidance;
- authorizes the Office of Data Privacy to partner with state institutions of higher education for research and support functions;
- establishes the data privacy ombudsman as a component of the Office of Data Privacy;
- removes duplicative provisions from the Government Records Access and Management Act;
- expands amendment and correction procedures to cover information beyond personal data; and
- makes technical and conforming changes.

Statutes affected:
Introduced: 20A-11-1604, 53-18-102, 63A-19-101, 63A-19-202, 63A-19-203, 63A-19-204, 63A-19-301, 63A-19-302, 63A-19-401, 63A-19-401.1, 63A-19-401.2, 63A-19-401.3, 63A-19-403, 63A-19-405, 63A-19-406, 63A-19-501, 63G-2-201, 63G-2-301, 63G-2-302, 63G-2-601, 63G-2-803