The bill establishes new regulations for government entities in Wyoming regarding the collection, access, security, and use of personal data. It introduces definitions for key terms such as "deidentified data," "government entity," and "personal data," while explicitly excluding the judicial branch and law enforcement agencies from its scope. The bill mandates that government entities must obtain express written consent from individuals before purchasing, selling, trading, or transferring personal data, with certain exceptions for transfers between government entities or to contracted nongovernment entities, provided that these entities adhere to the same data protection standards. Additionally, it allows residents to request copies of their personal data and to file objections regarding its accuracy or handling.

Furthermore, the bill requires each government entity that collects or retains personal data to adopt and maintain a policy that aligns with federal and state laws, limiting data collection to what is necessary for their functions and restricting retention to a maximum of three years without justification. The state chief information officer is tasked with developing sample policies for compliance by January 1, 2026. The effective dates for the various sections of the bill are staggered, with some provisions taking effect immediately and others set for July 1, 2026, and July 1, 2027, for different political subdivisions.