(1) There is created within the office the position of data privacy ombudsperson. (2) The governor shall appoint the ombudsperson with the advice of the governing board. (3) The ombudsperson shall: (a) be an attorney in good standing and authorized to practice law in this state; (b) be familiar with the provisions of: (i) this chapter; (ii) Chapter 12, Division of Archives and Records Service and Management of Government Records; (iii) Chapter 20, State-Endorsed Digital Identity; and (iv) Title 63G, Chapter 2, Government Records Access and Management Act; and (c) serve as a resource for: (i) an individual who is making a data privacy complaint; and (ii) a governmental entity that is the subject of a data privacy complaint. (4) The ombudsperson may: (a) (i) upon request by a governmental entity or individual, mediate a dispute between the governmental entity and the individual regarding the individual's data privacy complaint; and (ii) upon resolution of a data privacy complaint described in Subsection (4)(a)(i), post on the office's website a brief summary of the data privacy complaint and the resolution of the matter; and (b) provide data privacy education and training in accordance with Subsection 63A-19-301(3)(g). (5) The ombudsperson may not: (a) mediate a dispute between a governmental entity and an individual if the individual's data privacy complaint is within the authority of: (i) the Government Records Office created in Section 63A-12-202; or (ii) the government records ombudsman established in Section 63A-12-204; (b) expand the scope of a mediation beyond the individual's data privacy complaint; (c) testify, or be compelled to testify, regarding a matter for which the ombudsperson provides services under this section; or (d) conduct an audit of a governmental entity's privacy practices. (6) After consultation with the chief privacy officer, the ombudsperson may raise matters and questions to the governing board. (7) The ombudsperson may receive and review complaints regarding alleged violations of Chapter 20, State-Endorsed Digital Identity, by private sector entities, and may refer such complaints to the attorney general for enforcement in accordance with Section 63A-20-801.
‹ Prev All Utah sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.