(1) A verifier shall: (a) incorporate state-of-the-art safeguards for protecting an individual's identity in the verification process; (b) comply with the requirements of this part through technological means where possible; (c) process an individual's identity attributes in a secure manner; (d) process only the minimum identity attributes reasonably necessary to achieve a specified purpose defined by the relying party requesting the presentation; and (e) accept a presentation of a state-endorsed digital identity by a digital guardian. (2) A verifier may only process an individual's identity attributes from a state digital identity if: (a) authorized by the holder; (b) the processing is necessary for a presentation; (c) the holder has received conspicuous notice of: (i) what identity attributes are collected; (ii) how the identity attributes are used; (iii) the purpose for which the identity attributes are processed; and (iv) how long the identity attributes are retained; and (d) the holder consents to the processing of the identity attributes. (3) A verifier may not require a holder to surrender the holder's secure electronic device in the course of a presentation. (4) Nothing in this section relieves a verifier from complying with the requirements of Title 13, Chapter 44, Protection of Personal Information Act, or Title 13, Chapter 61, Utah Consumer Privacy Act.
‹ Prev All Utah sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.