Utah protection of personal information act

Utah SB 69 of 2007 requires that 1) any person who conducts business in the state and maintains personal information shall implement and maintain reasonable procedures to prevent unlawful use or disclosure of personal information collected or maintained in the regular course of business. 2) a person who owns or licenses computerized data that includes personal information concerning a Utah resident shall, when the person becomes aware of a breach of system security, conduct in good faith a reasonable and

prompt investigation to determine the likelihood that personal information has been or will be misused for identity theft or fraud purposes. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. The rules for this policy are:

• Utah Protection of Personal Information Act: SSN with CCN
• Utah Protection of Personal Information Act: CCN with Utah Driver License
• Utah Protection of Personal Information Act: SSN and Account number and Password
• Utah Protection of Personal Information Act: Password Dissemination for HTTP Traffic (Wide)
• Utah Protection of Personal Information Act: Password Dissemination for HTTP Traffic (Default)
• Utah Protection of Personal Information Act: Password Dissemination for HTTP Traffic (Narrow
• Utah Protection of Personal Information Act: Password Dissemination for non- HTTP/S Traffic (Wide)
• Utah Protection of Personal Information Act: Password Dissemination for non- HTTP/S Traffic (Default)
• Utah Protection of Personal Information Act: Password Dissemination for non- HTTP/S Traffic (Narrow)