(1) A state-endorsed digital identity shall: (a) incorporate state-of-the-art safeguards for protecting an individual's identity, including compromise detection, recovery mechanisms, and cross-context correlation protections; (b) include methods to establish authenticity and integrity; (c) be compatible with a wide variety of technological systems while maintaining strong privacy and security; (d) support online and offline presentation; (e) enable a holder to: (i) selectively disclose an individual's identity attributes; or (ii) demonstrate that the individual meets a specified minimum age without disclosing the individual's age or birth date; (f) allow a holder to choose a digital wallet that conforms with the requirements established by the department; and (g) be easy for a holder to adopt and use. (2) The department shall: (a) validate verification of an individual's identity provided by an identity proofing entity; (b) comply with the requirements of this chapter through technological means where possible; (c) ensure any technical infrastructure used to control the issuance or revocation of a state- endorsed digital identity is maintained within a state-controlled data center located within the state; (d) ensure that a state-controlled data center located within the state shall use best practices in collection, processing, storage, and disclosure of all individual identity and identity attributes; (e) select open technological standards for the creation, issuance, use, and acceptance of a state-endorsed digital identity that are: (i) publicly available; and (ii) free from: (A) licensing fees; and (B) patent restrictions; (f) verify and endorse a specific set of identity attributes including an individual's: (i) name; (ii) birth date; (iii) image; and (iv) Utah residence address; and (g) create a process for: (i) a holder to: (A) obtain, maintain, and control an individual's state-endorsed digital identity; (B) use an individual's state-endorsed digital identity; (C) limit access to an individual's state-endorsed digital identity and identity attributes; (D) obtain a new state-endorsed digital identity if the individual's state-endorsed digital identity is compromised; and (E) migrate a state-endorsed digital identity to another digital wallet compliant with this chapter; (ii) a holder to request that an individual's identity attributes be amended or corrected; and (iii) appointment of a digital guardian to obtain or use a state-endorsed digital identity on an individual's behalf. (3) A state-endorsed digital identity may not include a mechanism that allows the department to monitor, surveil, or track the presentation of a state-endorsed digital identity to another entity. (4) Information provided by an individual to the state to obtain a state-endorsed digital identity may only be: (a) used for the purpose of issuing and managing a state-endorsed digital identity; (b) used as authorized by the individual; (c) retained as long as necessary to issue and manage a state-endorsed digital identity; (d) maintained within a state-controlled data center located within the state; or (e) disclosed to: (i) the subject of the record or the subject's digital guardian; or (ii) a person with a warrant or court order. (5) The department may only revoke an individual's state-endorsed digital identity if: (a) the state-endorsed digital identity has been compromised; (b) the department's endorsement was: (i) issued in error; or (ii) based on fraudulent information; or (c) the holder requests that the department revoke the individual's state-endorsed digital identity. (6) The department shall report a data breach regarding individual identity or identity attributes in accordance with Section 63A-19-405.
‹ Prev All Utah sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.