Bill Summary – FastDemocracy

2nd Sub. (Salmon) S.B. 98                                                01-23-24 11:13 AM
 88    security:
 89           (A) in a newspaper of general circulation; and
 90           (B) as required in Section 45-1-101.
 91           (b) If a person maintains the person's own notification procedures as part of an
 92    information security policy for the treatment of personal information the person is considered
 93    to be in compliance with the notification requirement in Subsection (1)(b) if the procedures are
 94    otherwise consistent with this chapter's timing requirements and the person notifies each
 95    affected Utah resident in accordance with the person's information security policy in the event
 96    of a breach.
 97           (c) A person who is regulated by state or federal law and maintains procedures for a
 98    breach of system security under applicable law established by the primary state or federal
 99    regulator is considered to be in compliance with this part if the person notifies each affected
100    Utah resident in accordance with the other applicable law in the event of a breach.
101           Öº [(6) (a) If a person providing a notification under Subsection (1)(c) to the Office of the
 102   Attorney General or the Utah Cyber Center submits the information required under Subsection
 103   63G-2-309(1)(a)(i), records submitted to the Office of the Attorney General or the Utah Cyber
 104   Center under Subsection (1)(c), including the information required under Subsection (6)(b),
 105   and information produced by the Office of the Attorney General or the Utah Cyber Center for
 106   any coordination or assistance provided to the person are presumed to be confidential and are a
 107   protected record under Subsections 63G-2-305(1) and (2).]
107a          (6)(a) The following information may be deemed confidential and classified as a
107b protected record under Subsections 63G-2-305(1) and (2), if the confidentiality requirements of
107c Subsection 63G-2-309(1)(a)(i) are met:
107d          (i) a notification submitted under Subsection (1)(c), including supporting information
107e provided under Subsection (6)(b); and
107f          (ii) information produced by the Office of the Attorney General or the Utah Cyber
107g Center in providing coordination or assistance to person providing notification under
107h Subsection (1)(c). »Ö
108           (b) A person providing notification under Subsection (1)(c) to the Office of the
109    Attorney General or the Utah Cyber Center of a breach of system security shall include the
110    following information in the notification Öº , to the extent the information is known or available
110a at the time the person provides the notification »Ö :
111           (i) the date the breach of system security occurred;
112           (ii) the date the breach of system security was discovered;
113           (iii) the total number of people affected by the breach of system security, including the
                                                       -4-      Senate 2nd Reading Amendments 1-31-2024 lp/se1
Statutes affected: 
S.B. 98 3rd Substitute (Not Adopted) Text: 13-44-202, 63D-2-102, 63D-2-105
Amended: 13-44-202, 63D-2-102, 63D-2-105
S.B. 98 1st Substitute (Not Adopted) Text: 13-44-202, 63D-2-102, 63D-2-105
S.B. 98 2nd Substitute : 13-44-202, 63D-2-102, 63D-2-105
Introduced: 13-44-202, 63A-16-501, 63A-16-510, 63A-16-511, 63D-2-102, 63D-2-105