Section 63C-24-202 - Commission duties(1) The commission shall:(a) annually develop a data privacy agenda that identifies for the upcoming year:(i) governmental entity privacy practices to be reviewed by the commission;(ii) educational and training materials that the commission intends to develop;(iii) any other items related to data privacy the commission intends to study; and(iv) best practices and guiding principles that the commission plans to develop related to government privacy practices;(b) develop guiding standards and best practices with respect to government privacy practices;(c) develop educational and training materials that include information about: (i) the privacy implications and civil liberties concerns of the privacy practices of government entities;(ii) best practices for government collection and retention policies regarding personal data; and(iii) best practices for government personal data security standards; (d) review the privacy implications and civil liberties concerns of government privacy practices ; and(e) provide the data privacy agenda to the governing board by May 1 of each year.(2) The commission may, in addition to the approved items in the data privacy agenda prepared under Subsection (1)(a): (a) review specific government privacy practices as referred to the commission by the chief privacy officer described in Section 63A-19-302 or the state privacy officer described in Section 67-3-13; (b) review a privacy practice not accounted for in the data privacy agenda only upon referral by the chief privacy officer or the state privacy officer in accordance with Subsection 63C-24-202(2)(a);(c) review and provide recommendations regarding consent mechanisms used by governmental entities to collect personal information;(d) develop and provide recommendations to the Legislature on how to balance transparency and public access of public records against an individual's reasonable expectations of privacy and data protection; and(e) develop recommendations for legislation regarding the guiding standards and best practices the commission has developed in accordance with Subsection (1)(a).(3) At least annually, on or before October 1, the commission shall report to the Judiciary Interim Committee:(a) the results of any reviews the commission has conducted;(b) the guiding standards and best practices described in Subsection (1)(b); and(c) any recommendations for legislation the commission has developed in accordance with Subsection (2)(e).(4) At least annually, on or before June 1, the commission shall report to the governing board regarding: (a) governmental entity privacy practices the commission plans to review in the next year;(b) any educational and training programs the commission intends to develop in relation to government data privacy best practices;(c) results of the commission's data privacy practice reviews from the previous year; and(d) recommendations from the commission related to data privacy legislation, standards, or best practices.(5) The data privacy agenda detailed in Subsection (1)(a) does not add to or expand the authority of the commission.Amended by Chapter TBD, 2024 General Session ,§ 19, eff. 5/1/2024.Amended by Chapter 173, 2023 General Session ,§ 7, eff. 5/3/2023.Added by Chapter 171, 2021 General Session ,§ 4, eff. 5/5/2021.Technically renumbered to avoid duplication of section number also enacted in HB288, Chapter 171.