The proposed bill establishes new regulations for government entities in Wyoming regarding the collection, access, security, and use of personal data. It introduces definitions for key terms such as "deidentified data," "government entity," and "personal data," while explicitly excluding the judicial branch and law enforcement agencies from its scope. The bill mandates that government entities must adopt and maintain policies that govern their handling of personal data, ensuring that such data is only collected and retained as necessary for their lawful functions. Additionally, it sets a maximum retention period of three years for personal data unless a written policy justifies an extension.

Furthermore, the bill outlines the rights of Wyoming residents concerning their personal data, allowing them to request copies and file objections regarding the accuracy or handling of their data. It also stipulates that government entities may not sell or transfer personal data without explicit consent, with certain exceptions for transfers between government entities or to contracted nongovernment entities under strict conditions. The bill includes provisions for the development of sample policies by the state chief information officer and sets effective dates for compliance, with some sections taking effect immediately and others by July 1, 2027.