State Privacy Highlights
February 2024
Privacy Workshop: Privacy Legislation and AI Scams
March 6, 2024 11:00am-12:30pm
To register, click here!
Virtual and in-person at the Capitol complex
*In-person recommended!
11:00-11:30 Utah’s NEW 2024 privacy legislation.
Learn about the new requirements for privacy compliance from the 2024 legislative session. What resources will we be providing to support you in accomplishing your goals?
11:30-12:30 How to minimize the risk of becoming a victim to AI-driven scams.
Learn the main strategies of how to avoid becoming a victim to scams powered by generative artificial intelligence (AI). Participants will have the opportunity to role play through different scenarios addressing voice cloning, deep fakes, fake emails, and texts.
Featuring:
- Dr. Whitney Phillips, State Privacy Officer
- Nora Kurzova, JD., Assistant State Privacy Officer
Be a Leader in Privacy: Schedule a Privacy Health Check
Scheduling now for April and May 2024
What you get: a confidential report scoring what the organization does well and where there are gaps, by color code. There is also a section including recommendations on how to bridge any gaps we discover. As part of the follow up to the exercise we also offer active help in bridging the gaps, by drafting necessary documents, conducting training, recommending tools, building business cases, reviewing policies, etc.
No preparation needed on your side. 1.5 hours
As for participants, 2-10 is a great amount. It’s best to have not only the person who is the head of the privacy/ records management/ IT function but also have some other participant(s) present, the “regular user” (anyone that works with personal data and has been at the organization for at least a year and is from a different function than yours). However, answers are always considered to be on behalf of the organization or team, not individual responders.
To schedule, contact Dr. Whitney Phillips, State Privacy Officer at: wphillips@utah.gov
Remember, protecting privacy is critical to maintaining public trust and confidence in government work!
December 2023
Privacy Workshop for Utah Government Leaders
January 9, 2024 10:00am-3:30pm
To register, click here!
Virtual and in-person at the Capitol complex
*In-person recommended!
Pick and choose what to attend (all day, or only a couple of sessions)
Agenda
10:00-10:50 Privacy 101
11:00-11:50 To Destroy or Not to Destroy? How long to keep records
12:00-12:50 AI and Lunch (lunch provided for those in-person)
1:00-1:50 Incident Response/Data Breach
2:00-2:25 2024 Proposed Legislation
2:30-3:30 Bring your project: in-person only Privacy Impact Assessment, or Higher Education working group
Featuring:
- Dr. Whitney Phillips, State Privacy Officer
- Nora Kurzova, JD., Assistant State Privacy Officer
- Jeff Johnson, Higher Education Privacy Officer, USHE
Schedule a Privacy Health Check
Scheduling now for early January and March 2024
What you get: a confidential report scoring what the organization does well and where there are gaps, by color code. There is also a section including recommendations on how to bridge any gaps we discover. As part of the follow up to the exercise we also offer active help in bridging the gaps, by drafting necessary documents, conducting training, recommending tools, building business cases, reviewing policies, etc.
No preparation needed on your side. 1.5 hours
As for participants, 2-10 is a great amount. It’s best to have not only the person who is the head of the privacy/ records management/ IT function but also have some other participant(s) present, the “regular user” (anyone that works with personal data and has been at the organization for at least a year and is from a different function than yours). However, answers are always considered to be on behalf of the organization or team, not individual responders.
To schedule, contact Dr. Whitney Phillips, State Privacy Officer at: wphillips@utah.gov
Remember, protecting privacy is critical to maintaining public trust and confidence in government work!
October 2023
Webinar: Utah’s Privacy Policy Statement
November 29, 2023 12:00-1:00
Virtual and in-person at the Capitol complex
To register, click here!
Hands-on session guiding participants through their obligations under section 63D-2-103.
Participants will walk away with a template for the notice and an understanding of the overall best practices for notice implementation and management.
Featuring:
- Dr. Whitney Phillips, State Privacy Officer
- Nora Kurzova, JD., Assistant State Privacy Officer
What are the 6 required parts of a Privacy Policy Statement?
Utah’s Governmental Internet Information Privacy Act (63D-2-103) requires the following 6 items to be included in a Privacy Policy Statement:
☐ 1. Identity and contact information of the website operator
☐ 2. List the personally-identifiable information (PII) that is collected by the website
☐ 3. Description of how the PII is used by the government entity or its website operator
☐ 4. Overview of the practices related to sharing of PII by government entity or website operator
☐ 5. Outline the procedures (if any) of how a user may request access and/or correct the user’s PII
☐ 6. Summary of security measures to protect from unintended disclosure
Remember, protecting privacy is critical to maintaining public trust and confidence in government work!
State Privacy Office Website
For questions or concerns, contact Dr. Whitney Phillips, State Privacy Officer, at: wphillips@utah.gov
August 2023
Welcome to the latest edition of the State Privacy Highlights News from Utah’s State Privacy Officer
9 Key Privacy Provisions to Include in Any Vendor Contract
- Legal Compliance: Require the vendor to comply with applicable data protection laws and regulations.
- Data Protection and Security: Require the vendor to implement and maintain appropriate technical, physical, and administrative safeguards.
- Liability and Insurance: Require the vendor to insure against any damage or loss from or related to data breaches.
- Breach Notification: Require the vendor to notify your organization within 24-72 hours in the event of any verified or suspected (1) breach of security, (2) unauthorized disclosure, or(3) misuse of your organization’s data. Specify in the contract what constitutes a breach — do not rely on the vendor’s determination of what a breach is.
- Confidentiality: Require the vendor to keep your organization’s data confidential. Restrict the vendor from disclosing information to any third party without your organization’s prior written consent.
- Audit: Require the vendor to undergo security and privacy compliance audits. A third party may perform these audits.
- Data Deletion: Require the vendor to delete or return all of your organization’s data upon the termination of the contract.
- Use of Data Limitations: Restrict the vendor to only use your organization’s data for the purposes specified in the contract. Make those purposes clear and conspicuous in the contract.
- Subcontracting: Require the vendor to ensure subcontractors comply with the privacy clauses in the contract, if the vendor intends to subcontract any of the services under the contract.
For a starting point on drafting these provisions, see our recommendations (PDF).
Remember, protecting privacy is critical to maintaining public trust and confidence in government work!
For questions or concerns, contact Dr. Whitney Phillips, State Privacy Officer at: wphillips@utah.gov
Learn More about Privacy Provisions and
Utah’s New Data Breach Reporting Requirement
September 13, 2023 12:00-1:30
Virtual and in-person at the Capitol complex
To register, click here
Featuring:
- Travis Scott and Eric Sedgwick, Utah Cyber Center, Utah Division of Technology Services
- Dr. Whitney Phillips, State Privacy Officer
- Nora Kurzova, JD., Assistant State Privacy Officer
To sign up for State Privacy Highlights delivered to your inbox, visit http://eepurl.com/iwFowA.