Skip to main content
Find a Lawyer

Utah Code Title 63A. Utah Government Operations Code § 63A-19-405. Data breach notification to the Cyber Center and the Office of the Attorney General

Current as of January 01, 2025 | Updated by Findlaw Staff

(1)(a) A governmental entity that identifies a data breach affecting 500 or more individuals shall notify the Cyber Center and the attorney general of the data breach.

(b) In addition to the notification required by Subsection (1)(a), a governmental entity that identifies the unauthorized access, acquisition, disclosure, loss of access, or destruction of data that compromises the security, confidentiality, availability, or integrity of the computer systems used or information maintained by the governmental entity shall notify the Cyber Center.

(2) The notification under Subsection (1) shall:

(a) be made without unreasonable delay, but no later than five days from the discovery of the data breach; and

(b) include the following information:

(i) the date and time the data breach occurred;

(ii) the date the data breach was discovered;

(iii) a short description of the data breach that occurred;

(iv) the means by which access was gained to the system, computer, or network;

(v) the individual or entity who perpetrated the data breach;

(vi) steps the governmental entity is or has taken to mitigate the impact of the data breach; and

(vii) any other details requested by the Cyber Center.

(3) For a data breach under Subsection (1)(a), the governmental entity shall provide the following information to the Cyber Center and the attorney general in addition to the information required under Subsection (2)(b):

(a) the total number of people affected by the data breach, including the total number of Utah residents affected; and

(b) the type of personal data involved in the data breach.

(4) If the information required by Subsection (2)(b) is not available within five days of discovering the breach, the governmental entity shall provide as much of the information required under Subsection (2)(b) as is available and supplement the notification with additional information as soon as the information becomes available.

(5)(a) A governmental entity that experiences a data breach affecting fewer than 500 individuals shall create an internal incident report containing the information in Subsection (2)(b) as soon as practicable and shall provide additional information as the information becomes available.

(b) A governmental entity shall provide to the Cyber Center:

(i) an internal incident report described in Subsection (5)(a) upon request of the Cyber Center; and

(ii) an annual report logging all of the governmental entity's data breach incidents affecting fewer than 500 individuals.

Previous Part of Code Next Part of Code
Back to Chapter List

Cite this article: FindLaw.com - Utah Code Title 63A. Utah Government Operations Code § 63A-19-405. Data breach notification to the Cyber Center and the Office of the Attorney General - last updated January 01, 2025 | https://codes.findlaw.com/ut/title-63a-utah-government-operations-code/ut-code-sect-63a-19-405/

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.

Was this helpful?

Welcome to FindLaw's Cases & Codes

A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw’s Learn About the Law.

Go to Learn About the Law

Latest Blog Posts

For Legal Professionals

Learn About The Law

Get help with your legal needs

FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.

Go to Learn About the Law

Need to Find an Attorney?

Search our directory by legal issue

Enter information in one or both fields (Required)

Copied to clipboard