The bill establishes new regulations for government entities in Wyoming regarding the collection, access, security, and use of personal data. It introduces definitions for key terms such as "deidentified data," "government entity," "personal data," and "personal digital identity." The bill mandates that government entities must adopt policies that comply with these regulations, ensuring that personal data is only collected and retained as necessary for lawful functions. Additionally, it prohibits the sale or transfer of personal data without the express written consent of the individual, with certain exceptions for transfers between government entities or to contracted nongovernment entities under strict conditions.

Furthermore, the bill outlines the rights of Wyoming residents concerning their personal data, including the ability to request copies of their data and to file objections regarding its accuracy or retention. It requires government entities to investigate such objections and respond within a specified timeframe. The bill also sets a limit on the retention of personal data, stipulating that it cannot be maintained for longer than three years without a justified policy. The effective dates for various sections of the bill are staggered, with some provisions taking effect immediately and others set for 2026 and 2027.