The Office of the State Auditor today announces that the State Privacy Officer (SPO) has completed the first comprehensive compliance review of over 1600 Utah governmental entities and governmental non-profits and their compliance with statute governing privacy protections and policies.
The review examined over 1600 governmental entities for statutory compliance with Utah Code 63D-2-103 which requires each government entity to establish a clear Privacy Policy Statement and post that statement on its website.
The review showed that 66% of the reviewed entities currently fail to meet all the necessary criteria specified in statute. These governmental entities range from counties and cities to school districts, charter schools, and water districts, which, between them, serve all the residents of Utah.
Establishing, and abiding by, an effective Privacy Policy Statement is an essential element of protecting the personal data of Utah residents. Statute specifies that the privacy policy must outline the types of personal data (PII) collected by the entity, the measures implemented for its protection, as well as providing contact information for privacy inquiries and outlining the sharing and retention practices the governmental entity adheres to.
In response to these findings, the State Privacy Officer is working with non-compliant entities to help bring them into compliance. The State Privacy Officer will conduct future reviews to measure compliance. The goal is to strengthen the protection of personal data and to foster greater accountability within Utah’s government services.
State Privacy Officer Dr. Whitney Phillips commented, “The role of the State Privacy Officer is to help ensure that Utah governmental entities safeguard the private information of Utah residents. I am pleased that our team’s leadership was able to establish this baseline on compliance with statute and we are committed to help improve these results.”
State Auditor John Dougall remarked, “I am pleased that we are helping improve the privacy posture of Utah’s governmental entities to protect Utahns and their personal information and to ensure these entities comply with statute designed to give citizens greater control of their personal data.”
A copy of the Review report, the Privacy Policy Statement, and the Governmental Website Privacy Notice Checklist can be viewed on the Office’s website.
