Section 63A-19-101 - DefinitionsAs used in this chapter:
(1) "Chief privacy officer" means the individual appointed under Section 63A-19-302.(2) "Commission" means the Utah Privacy Commission established in Section 63C-24-102.(3) "Cyber Center" means the Utah Cyber Center created in Section 63A-16-1102.(4) "Data breach" means the unauthorized access, acquisition, disclosure, loss of access, or destruction of personal data held by a governmental entity, unless the governmental entity concludes, according to standards established by the Cyber Center, that there is a low probability that personal data has been compromised.(5) "Designated governmental entity" means the same as that term is defined in Section 67-3-13.(6) "Governing board" means the Utah Privacy Governing Board established in Section 63A-19-201.(7) "Governmental entity" means the same as that term is defined in Section 63G-2-103.(8) "High risk processing activities" means a governmental entity's processing of personal data that may result in a significant compromise to an individual's privacy interests, based on factors that include:(a) the sensitivity of the personal data processed;(b) the amount of personal data being processed;(c) the individual's ability to consent to the processing of personal data; and(d) risks of unauthorized access or use.(9) "Individual" means the same as that term is defined in Section 63G-2-103.(10) "Legal guardian" means: (a) the parent of a minor; or(b) an individual appointed by a court to be the guardian of a minor or incapacitated person and given legal authority to make decisions regarding the person or property of the minor or incapacitated person.(11) "Office" means the Office of Data Privacy created in Section 63A-19-301.(12) "Ombudsperson" means the data privacy ombudsperson appointed under Section 63A-19-501.(13) "Personal data" means information that is linked or can be reasonably linked to an identified individual or an identifiable individual.(14) "Process" or "processing" means any operation or set of operations performed on personal data, including collection, recording, organization, structuring, storage, adaptation, alteration, access, retrieval, consultation, use, disclosure by transmission, transfer, dissemination, alignment, combination, restriction, erasure, or destruction.(15) "Record" means the same as that term is defined in Section 63G-2-103.(16) "Record series" means the same as that term is defined in Section 63G-2-103.(17) "Retention schedule" means a governmental entity's schedule for the retention or disposal of records that has been approved by the Records Management Committee pursuant to Section 63A-12-113.(18)(a) "Sell" means an exchange of personal data for monetary consideration by a governmental entity to a third party.(b) "Sell" does not include a fee: (i) charged by a governmental entity for access to a record; or(ii) assessed in accordance with an approved fee schedule.(19)(a) "State agency" means the following entities that are under the direct supervision and control of the governor or the lieutenant governor:(xvii) another administrative unit of the state; or(xviii) an agent of an entity described in Subsections (19)(a)(i) through (xvii).(b) "State agency" does not include: (i) the legislative branch;(ii) the judicial branch;(iii) an executive branch agency within the Office of the Attorney General, the state auditor, the state treasurer, or the State Board of Education; or(iv) an independent entity.(20) "State privacy officer" means the individual described in Section 67-3-13.Added by Chapter 417, 2024 General Session ,§ 2, eff. 5/1/2024.