Skip to main content Skip to navigation Skip to footer

State Privacy Office

Main image

The Office of the State Auditor (OSA) includes the office and functions of the State Privacy Auditor (SPA)—a structure intentionally designed to preserve impartiality, prevent conflicts of interest, and ensure the role remains free from undue influence. This independence is vital to enabling objective, credible evaluations of government data practices and a foundational safeguard that allows the SPA to ask hard questions, follow evidence to its conclusion, and uphold the public’s trust.

Independent standards govern the work of the SPA auditing team as they carry out audits of government privacy practices. These standards provide a clear and consistent framework for assessing whether governmental entities respect individuals’ privacy, treat personal information with dignity, and preserve individuals’ control over their personal information and data. By auditing privacy practices, the SPA is able to promote privacy as a basic human right and to ensure that the government serves the public with transparency, fairness, and accountability.

State Privacy Auditor Duties

The State Privacy Auditor focuses on identifying high-risk data processing activities across the state and Audits more than 1,800 government entities promoting privacy protection as an essential component and best practice across Utah. Per Utah Code, the Utah State Privacy Auditor works under the Utah State Auditor conducting privacy-focused audits and reviews of government data collection. Privacy Audits are shared and maintained through the Office of the Utah State Auditor. See Utah Code § 67‐13‐3(2)(a).

Mission

Protect individual privacy as a fundamental human right by auditing privacy practices across government in Utah and identifying areas of high risk

Core Values

  • Integrity
  • Transparency
  • Accountability

Key Responsibilities

  • Compile Practices: Gather and document information
  • Ensure Transparency: Maintain a public repository of privacy practices on the State Auditor’s website
  • Training & Standards: Provide training and establish data privacy auditing standards
  • Audit Requests: Accept and process requests from individuals to audit specific entities
  • Identify High-Risk Practices: Conduct annual assessments to flag entities posing the greatest privacy risk
  • Conduct Audits: Perform audits focused on high-risk practices
  • Recommend Reforms: Issue recommendations to entities and legislative bodies when audits reveal significant privacy concerns

Report a Complaint

To report a complaint, go to the Hotline page or contact the State Privacy Office via email at privacy@utah.gov.

State Privacy Office Team