The bill establishes new regulations for government entities in Wyoming regarding the collection, access, security, and use of personal data. It creates definitions for terms such as "deidentified data," "government entity," and "personal data," while explicitly excluding the judicial branch and law enforcement agencies from its scope. The bill mandates that government entities must obtain express written consent from individuals before purchasing, selling, trading, or transferring personal data, with certain exceptions for transfers between government entities or to contracted nongovernment entities, provided that these entities adhere to the same data protection standards. Additionally, it allows residents to request copies of their personal data and to file objections regarding its accuracy or handling.

Furthermore, the bill requires each government entity that collects or retains personal data to adopt and maintain a policy that aligns with applicable federal and state laws. It limits the collection of personal data to what is necessary for lawful functions and stipulates that data cannot be retained for more than three years without a justified written policy. The bill also outlines a timeline for the implementation of these policies, with certain provisions becoming effective as early as July 1, 2026, and others by July 1, 2027, or July 1, 2028, depending on the type of government entity.