Utah

Keypoint: While not as far-reaching as bills under consideration in other states, the Utah bill creates some obligations for private sector companies deploying generative artificial intelligence, including disclosing its use.

In early March, the Utah legislature unanimously passed SB 149. The bill is now with Utah Governor Spencer Cox for signature. In general, the bill: (1) specifies that Utah’s consumer protection laws apply equally to an entity’s use of generative artificial intelligence as they do to the entity’s other activities, (2) requires private sector entities to take steps to disclose and/or respond to inquiries about their use of generative artificial intelligence, and (3) creates the Office of Artificial Intelligence Policy which is charged with, among other things, administering an artificial intelligence learning laboratory program. Once signed by the Governor, the law will go into effect on May 1, 2024.

In the below article, we provide a brief analysis of the bill’s provisions.

Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data breach lawsuits.

On March 11, 2021, Utah governor Spencer Cox signed the Cybersecurity Affirmative Defense Act, which creates affirmative defenses to certain causes of action arising out of a breach of system security.

Keypoint: It was a busy week for privacy law. Since the update we provided last week Virginia’s bill was signed into law, bills in Washington and Oklahoma advanced, and Utah’s bill failed to pass before its legislative session closed.

Last week, we provided an update on the status of proposed CCPA-like privacy legislation. In that article, we noted that the contents were “time-sensitive and subject to change.” Typical to privacy law, in just a week, the landscape of these proposed laws changed dramatically. Given these changes, we decided to publish another update and, like last week, waited until a weekend when state legislatures are quiet.

Before we get to our update, we wanted to provide three reminders.

First, we will be hosting a webinar on Virginia’s Consumer Data Protection Act on March 11. You can register for the webinar here. If you are unable to attend the webinar live, you can still register, and we will email a copy of the presentation and a link to the webinar recording to you.

Second, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Third, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Keypoint: CCPA-like privacy bills continue to be introduced and work their way through state legislatures.

Those who attended our recent webinar or who subscribe to this blog know that we have been closely tracking proposed CCPA-like legislation in state legislatures across the country. We also launched a 2021 State Privacy Law Tracker to keep pace with the latest developments.

Yet, even with these efforts, there still are numerous developments occurring on a near daily basis. Therefore, we decided to wait until a weekend (when state legislatures are quiet) to provide a summary of where these bills stand. Of course, the contents provided below are time-sensitive and subject to change.