(1) An individual may submit a complaint to the data privacy ombudsperson alleging a violation of this chapter by: (a) the department; (b) a digital wallet provider; (c) a verifier; or (d) a relying party. (2) The data privacy ombudsperson may receive and review a complaint described in Subsection (1). (3) If, after reviewing a complaint, the data privacy ombudsperson has reasonable cause to believe that a violation of this chapter has occurred, the data privacy ombudsperson may refer the complaint to the attorney general. (4) Upon receiving a referral under Subsection (3), or when the attorney general has reasonable cause to believe that a violation of this chapter has occurred, the attorney general is authorized to: (a) issue civil investigative demands for depositions, documents, and requests for information in the time and manner prescribed by the attorney general; and (b) bring a civil action in a court of competent jurisdiction to: (i) enjoin a violation of this chapter; (ii) obtain declaratory relief regarding compliance with this chapter; or (iii) recover damages, restitution, and disgorgement on behalf of an individual injured by a violation of this chapter. (5) The attorney general shall treat all information received in accordance with Subsection (4) as non-public and confidential unless confidentiality is waived by the providing party, or upon the filing of an enforcement action. (6) In an action brought under Subsection (4), the court may award: (a) injunctive relief; (b) declaratory relief; (c) equitable relief including restitution and disgorgement; (d) actual damages; (e) costs; and (f) reasonable attorney fees.
‹ Prev All Utah sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.