The proposed bill establishes new regulations for government entities in Wyoming regarding the collection, access, security, and use of personal data. It introduces definitions for key terms such as "deidentified data," "government entity," and "personal data," while explicitly excluding the judicial branch and law enforcement agencies from its scope. The bill mandates that government entities must obtain express written consent from individuals before purchasing, selling, trading, or transferring their personal data, with certain exceptions for transfers between government entities or to contracted nongovernment entities. Additionally, it allows individuals to request copies of their personal data and to file objections regarding its accuracy or retention.

Furthermore, the bill requires each government entity that collects or retains personal data to adopt and maintain a policy that aligns with federal and state laws, ensuring that only necessary data is collected and retained for a maximum of three years unless justified otherwise. The state chief information officer is tasked with developing sample policies for government entities by January 1, 2027. The bill outlines a phased implementation timeline, with certain provisions becoming effective immediately and others set to take effect on July 1, 2027, and July 1, 2029, for specific political subdivisions.