Government operations privacy officer.

  1. Law
  2. Utah Code
  3. State Officers and Employees
  4. Governor
  5. Government operations privacy officer.

Checkout our iOS App for a better way to browser and research.



  • (1) As used in this section:
    • (a) "Independent entity" means the same as that term is defined in Section 63E-1-102.
    • (b)
      • (i) "Personal data" means any information relating to an identified or identifiable individual.
      • (ii) "Personal data" includes personally identifying information.
    • (c)
      • (i) "Privacy practice" means the acquisition, use, storage, or disposal of personal data.
      • (ii) "Privacy practice" includes:
        • (A) a technology use related to personal data; and
        • (B) policies related to the protection, storage, sharing, and retention of personal data.
    • (d)
      • (i) "State agency" means the following entities that are under the direct supervision and control of the governor or the lieutenant governor:
        • (A) a department;
        • (B) a commission;
        • (C) a board;
        • (D) a council;
        • (E) an institution;
        • (F) an officer;
        • (G) a corporation;
        • (H) a fund;
        • (I) a division;
        • (J) an office;
        • (K) a committee;
        • (L) an authority;
        • (M) a laboratory;
        • (N) a library;
        • (O) a bureau;
        • (P) a panel;
        • (Q) another administrative unit of the state; or
        • (R) an agent of an entity described in Subsections (A) through (Q).
      • (ii) "State agency" does not include:
        • (A) the legislative branch;
        • (B) the judicial branch;
        • (C) an executive branch agency within the Office of the Attorney General, the state auditor, the state treasurer, or the State Board of Education; or
        • (D) an independent entity.
  • (2) The governor may, with the advice and consent of the Senate, appoint a government operations privacy officer.
  • (3) The government operations privacy officer shall:
    • (a) compile information about the privacy practices of state agencies;
    • (b) make public and maintain information about the privacy practices of state agencies on the governor's website;
    • (c) provide state agencies with educational and training materials developed by the Personal Privacy Oversight Commission established in Section 63C-24-201 that include the information described in Subsection 63C-24-202(1)(b);
    • (d) implement a process to analyze and respond to requests from individuals for the government operations privacy officer to review a state agency's privacy practice;
    • (e) identify annually which state agencies' privacy practices pose the greatest risk to individual privacy and prioritize those privacy practices for review;
    • (f) review each year, in as timely a manner as possible, the privacy practices that the government operations privacy officer identifies under Subsection (3)(d) or (e) as posing the greatest risk to individuals' privacy;
    • (g) when reviewing a state agency's privacy practice under Subsection (3)(f), analyze:
      • (i) details about the privacy practice;
      • (ii) information about the type of data being used;
      • (iii) information about how the data is obtained, shared, secured, stored, and disposed;
      • (iv) information about with which persons the state agency shares the information;
      • (v) information about whether an individual can or should be able to opt out of the retention and sharing of the individual's data;
      • (vi) information about how the state agency de-identifies or anonymizes data;
      • (vii) a determination about the existence of alternative technology or improved practices to protect privacy; and
      • (viii) a finding of whether the state agency's current privacy practice adequately protects individual privacy; and
    • (h) after completing a review described in Subsections (3)(f) and (g), determine:
      • (i) each state agency's use of personal data, including the state agency's practices regarding data:
        • (A) acquisition;
        • (B) storage;
        • (C) disposal;
        • (D) protection; and
        • (E) sharing;
      • (ii) the adequacy of the state agency's practices in each of the areas described in Subsection (3)(h)(i); and
      • (iii) for each of the areas described in Subsection (3)(h)(i) that the government operations privacy officer determines require reform, provide recommendations to the state agency for reform.
  • (4) The government operations privacy officer shall:
    • (a) quarterly report, to the Personal Privacy Oversight Commission:
      • (i) recommendations for privacy practices for the commission to review; and
      • (ii) the information described in Subsection (3)(h); and
    • (b) annually, on or before October 1, report to the Judiciary Interim Committee:
      • (i) the results of any reviews described in Subsection (3)(g), if any reviews have been completed;
      • (ii) reforms, to the extent that the government operations privacy officer is aware of any reforms, that the state agency made in response to any reviews described in Subsection (3)(g);
      • (iii) the information described in Subsection (3)(h); and
      • (iv) recommendations for legislation based on the results of any reviews described in Subsection (3)(g).




Download our app to see the most-to-date content.