The proposed bill establishes new regulations for government entities in Wyoming regarding the collection, access, security, and use of personal data. It introduces definitions for key terms such as "deidentified data," "government entity," and "personal data," while explicitly excluding the judicial branch and law enforcement agencies from its scope. The bill mandates that government entities must obtain express written consent from individuals before purchasing, selling, trading, or transferring their personal data, with certain exceptions for transfers between government entities or to contracted nongovernment entities. Additionally, it allows residents to request copies of their personal data and to file objections regarding its accuracy or handling.

Furthermore, the bill requires each government entity that collects or retains personal data to adopt and maintain a policy that aligns with applicable federal and state laws. It limits the collection of personal data to what is necessary for lawful functions and stipulates that data cannot be retained for more than three years without justification. The bill also outlines a timeline for implementation, with certain provisions becoming effective on July 1, 2027, while others take effect immediately upon the bill's passage. Notably, the bill removes language that could be seen as confusing regarding the conditions under which deidentified data is protected.