The bill establishes new regulations for government entities in Wyoming regarding the collection, access, security, and use of personal data. It introduces definitions for key terms such as "deidentified data," "government entity," and "personal data," while explicitly excluding the judicial branch and law enforcement agencies from its scope. The bill mandates that government entities must obtain express written consent from individuals before purchasing, selling, trading, or transferring personal data, with certain exceptions for transfers between government entities or to contracted nongovernment entities under strict conditions. Additionally, it allows residents to request copies of their personal data and to file objections regarding its accuracy or handling.

Furthermore, the bill requires each government entity that collects or retains personal data to adopt and maintain a policy that aligns with applicable federal and state laws. It limits the collection of personal data to what is necessary for lawful functions and sets a maximum retention period of three years unless justified by a written policy. The bill also outlines a timeline for the implementation of these requirements, with certain sections becoming effective immediately and others set to take effect in 2026 and 2027 for various government entities.