(1) A digital wallet produced by a digital wallet provider shall:
  (a) incorporate state-of-the-art safeguards for protecting an individual's identity;
  (b) process an individual's identity attributes in a secure manner;
  (c) comply with the requirements of this part through technological means where possible;
  (d) be tamper resistant;
  (e) support online and offline presentation of a state-endorsed digital identity;
  (f) maintain a secure log:
    (i) with sufficient information for the holder to know:
      (A) what identity attributes were provided; and
      (B) the verifier or relying party the identity attributes were provided to;
    (ii) accessible only to the holder;
    (iii) exportable only by the holder; and
    (iv) deletable only by the holder;
  (g) enable a holder to:
    (i) selectively disclose an individual's identity attributes; or
    (ii) demonstrate that the individual meets a specified minimum age without disclosing the individual's age or birth date; and
  (h) allow a presentation of a state-endorsed digital identity by a digital guardian.
(2) A digital wallet provider may only process an individual's identity attributes from a state digital identity if:
  (a) the processing is necessary for a presentation;
  (b) the holder has received conspicuous notice of:
    (i) what identity attributes are collected from the state digital identity;
    (ii) how the identity attributes are used;
    (iii) the purpose for which the identity attributes are processed; and
    (iv) how long the identity attributes are retained; and
  (c) the holder consents to the processing of the individual's identity attributes.
(3) Information provided by a holder to a digital wallet provider for the purpose of creating or using a digital identity may only be:
  (a) processed for the primary purpose for which the holder disclosed the information; and
  (b) used, retained, sold, or shared:
    (i) as expressly authorized by the holder; or
    (ii) if required by law.
(4) Nothing in this section relieves a digital wallet provider from complying with the requirements of Title 13, Chapter 44, Protection of Personal Information Act, or Title 13, Chapter 61, Utah Consumer Privacy Act.