The proposed bill establishes new regulations for government entities in Wyoming regarding the collection, access, security, and use of personal data. It introduces definitions for key terms such as "deidentified data," "government entity," and "personal data," while explicitly excluding the judicial branch and law enforcement agencies from the definition of government entities. The bill mandates that government entities must adopt and enforce policies that limit the collection and retention of personal data to what is necessary for their lawful functions, and it prohibits the sale or transfer of personal data without the express consent of the individual to whom the data pertains. Additionally, it allows residents to request copies of their personal data and to file objections regarding its accuracy or handling.

The bill also includes provisions for the development of sample policies by the state chief information officer and outlines specific timelines for compliance. Notably, it removes a clause that could have limited the definition of deidentified data, thereby clarifying the intent of the legislation. The effective dates for various sections of the bill are staggered, with some provisions taking effect immediately and others set for July 1, 2027, and July 1, 2029, for different government entities. Overall, the bill aims to enhance data privacy protections for Wyoming residents while ensuring that government entities handle personal data responsibly.