Announcing Agent Commander - The First Integrated solution from Veeam + Securiti.ai enabling the scaling of safe AI agents

View
Veeam

The Funniest Evening at RSA with Hasan Minhaj

Hasan Minhaj Request ticket
View
Contact Us See a demo

Utah Consumer Privacy Act (UCPA) Compliance

Operationalize Privacy Act compliance with the most comprehensive PrivacyOps platform

Last Updated on July 31, 2025

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

See a demo
Schedule your demo today

The Utah Consumer Privacy Act (UCPA) was signed into law in March 2022, making Utah the fourth state within the United States to draft and adopt a comprehensive data protection regulation. The law came into effect on December 31, 2023.

The UCPA applies to any controller or processor who:

  1. conducts business in Utah or produces a product or service that is targeted to consumers who are residents of Utah;
  2. has annual revenue of $25,000,000 or more; and
  3. satisfies one or more of the following thresholds:
    1. during a calendar year, controls or processes personal data of 100,000 or more consumers; or
    2. derives over 50% of the entity's gross revenue from the sale of personal data and controls or processes the personal data of 25,000 or more consumers.

The Utah Attorney General has the exclusive authority to enforce the UCPA and can recover actual damages to the consumer in addition to a civil penalty of up to $7,500 for each violation.

The Solution

Securiti empowers all organizations to ensure compliance with each provision of UCPA with the help of its plethora of products, which include, but are not limited to, AI-driven data discovery, DSR automation, universal consent management, autonomous documented accountability, data breach management, and vendor risk assessment.

The solutions mentioned above are backed up by state-of-the-art artificial intelligence and machine-learning-based algorithms, making Securiti a market leader in providing data compliance and governance solutions.

Utah's Solution

See how our comprehensive PrivacyOps platform helps you comply with various sections of the UCPA.

Request a demo today to learn how Securiti can aid your and your organization's compliance with UCPA.

Assess UCPA Readiness

UCPA §13-61-102

Automate regular internal assessments of various internal data-related activities and mechanisms to evaluate their effectiveness and make appropriate adjustments accordingly. Doing so ensures that any potential gaps and blindspots are identified and addressed swiftly.

Utah Readiness
Utah Map Data to Discover Sensitive Personal Information

Map Data to Discover Sensitive Personal Information

UCPA §13-61-101(32)

Leverage dedicated data mapping, classification, and cataloging modules to ensure you gain real-time insights related to your organization’s data infrastructure.

Automate Data Classification & Labeling

UCPA §13-61-101(14), UCPA §13-61-101(24), UCPA §13-61-101(28), UCPA §13-61-101(32), UCPA §13-61-303

Classify & label data without your organization's data infrastructure to ensure appropriate security controls are enabled on the most sensitive data in your organization. Leverage the same module to identify sensitive files such as consent forms and financial statements and record them under appropriate categories.

Utah Automate Data Classification Labeling
Utah Automate Data Subject Rights Requests

Automate Data Subject Rights Requests

UCPA §13-61-201, UCPA §13-61-202, UCPA §13-61-203

Automate the entire process related to fulfilling consumer data rights requests and gain real-time updates on the status of each request via the central dashboard.

Continuous Monitoring & Tracking

UCPA Governance

Ensure absolute compliance with the appropriate regulatory requirements via deep insights into all data subjects’ consent statuses via the central dashboard. This allows for any potential processing or transfer of data to occur only per the relevant consent requirements.

Utah Continuous Monitoring Tracking
Utah Automate People Data Graph

Automate People Data Graph

UCPA Governance

Discover personal information stored across all your internal and external systems within the organization and link them back to a unique data subject. Also, visualize personal data sprawl and identify compliance risks.

Automate Data Protection Impact Assessment (DPIA)

PPDPL Regulations Article 41

Automate the execution of a data protection impact assessment (DPIA) to ensure it is conducted at regular intervals, giving you ample time, data, and insights to take appropriate actions if necessary.

Utah Automate Data Protection Impact Assessment
Utah Manage Vendor Risk

Manage Vendor Risk

UCPA §13-61-301

Keep track of all the organization's third-party vendors' data processing activities in real-time to ensure their data processing practices in relation to the data shared with them comply with the applicable legal requirements.

Breach Response Notification

Utah Code § 13-44-202

Automate data breach response notifications to all concerned stakeholders as soon as legally obliged by leveraging a knowledge database on security incident diagnosis and response.

Utah Breach Response Notification
Utah Assess Data Protection

Assess Data Protection Measures & Enable Appropriate Security Controls

UCPA §13-61-302(2)

Leverage several data security-oriented products and modules, such as access controls and identity management, to instill appropriate security controls to ensure all data with your organization's data infrastructure is adequately protected.

Privacy Policy & Notice Management

​​UCPA §13-61-302(1)

Automate the generation of a privacy policy that adequately informs individuals about your organization's data processing practices while fully complying with all applicable law provisions.

Utah Privacy Policy Notice Management
Utah Monitor Track Consent

Monitor & Track Consent

UCPA §13-61-302(3)

Ensure compliance with the UCPA's consent-related provisions across all major data processing activities by monitoring data subjects’ consent status via the central dashboard. Doing so allows organizations to prevent any processing or potential transfer, sharing, or selling of data to third parties unless explicitly consented to by the data subjects.

Enable Opt-out Mechanisms

​​UCPA §13-61-201(4), UCPA §13-61-302(3)

Leverage DSR automation modules to receive and proactively register any data subject opt-out requests and address such requests with global privacy controls (GPC).

Utah Enable Opt-out Mechanisms

Key Rights Under Utah’s Consumer Privacy Act

Right to Access

Data subjects have the right to confirm whether a controller is processing their personal data and request access to that data.

Right to Delete

Data subjects have the right to request the deletion of their personal data. However, this right only applies to the data the organization may have collected directly from the data subject.

Right to Data Portability

Data subjects have the right to request a copy of their personal data that the data subject previously provided to the controller. The data must be provided in a portable and readily usable format to the extent technically feasible and practicable.

Right to Opt-out of Data Processing

Data subjects have the right to opt out of the processing of their personal data for the purposes of targeted advertising. Data subjects also have the right to opt out of the sale of their personal data.

Facts Related to the Utah Consumer Privacy Act

Here are some important facts to know about the Utah Consumer Privacy Act:

1

All organizations have 45 days to comply with a data subject’s request to exercise a right, starting from the day on which the request is received;

2

A controller can seek a 45-day extension to the original timeline to comply with a data subject request if it is deemed reasonably necessary to comply with the request, owing to its complexity or volume of requests;

3

The Act empowers Utah’s Consumer Protection Division to manage a system to accept consumer complaints and investigate claims of infringement; and

4

Per the UCPA, there is no private right of action.

Analyze this article with AI

ChatGPT Claude Perplexity Grok
Prompts open in third-party AI tools.
IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report
Please enter a minimum of 3 characters to begin your search.

Type

Videos
View More
March 9, 2026
Rehan Jalil, Veeam on Agent Commander : theCUBE + NYSE Wired: Cyber Security Leaders
Following Veeam’s acquisition of Securiti, the launch of Agent Commander marks an important step toward helping enterprises adopt AI agents with greater confidence. In...
View More
January 20, 2025
Mitigating OWASP Top 10 for LLM Applications 2025
Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...
View More
January 15, 2025
Top 6 DSPM Use Cases
With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...
View More
January 2, 2025
Colorado Privacy Act (CPA)
What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...
View More
December 24, 2024
Securiti for Copilot in SaaS
Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...
View More
November 1, 2024
Top 10 Considerations for Safely Using Unstructured Data with GenAI
A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....
View More
October 29, 2024
Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes
As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...
View More
August 12, 2024
Navigating CPRA: Key Insights for Businesses
What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...
View More
June 3, 2024
Navigating the Shift: Transitioning to PCI DSS v4.0
What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...
View More
January 29, 2024
Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)
AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...

Spotlight Talks

Spotlight 50:52
From Data to Deployment: Safeguarding Enterprise AI with Security and Governance
Watch Now View
Spotlight 11:29
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Watch Now View
Spotlight 11:18
Rewiring Real Estate Finance — How Walker & Dunlop Is Giving Its $135B Portfolio a Data-First Refresh
Watch Now View
Spotlight 13:38
Accelerating Miracles — How Sanofi is Embedding AI to Significantly Reduce Drug Development Timelines
Sanofi Thumbnail
Watch Now View
Spotlight 10:35
There’s Been a Material Shift in the Data Center of Gravity
Watch Now View
Spotlight 14:21
AI Governance Is Much More than Technology Risk Mitigation
AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3
You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge
Watch Now View
Spotlight 47:42
Cybersecurity – Where Leaders are Buying, Building, and Partnering
Rehan Jalil
Watch Now View
Spotlight 27:29
Building Safe AI with Databricks and Gencore
Rehan Jalil
Watch Now View
Spotlight 46:02
Building Safe Enterprise AI: A Practical Roadmap
Watch Now View
Latest
View More
February 24, 2026
Introducing Agent Commander
The promise of AI Agents is staggering— intelligent systems that make decisions, use tools, automate complex workflows act as force multipliers for every knowledge...
Risk Silos: The Biggest AI Problem Boards Aren’t Talking About View More
February 18, 2026
Risk Silos: The Biggest AI Problem Boards Aren’t Talking About
Boards are tuned in to the AI conversation, but there’s a blind spot many organizations still haven’t named: risk silos. Everyone agrees AI governance...
Largest Fine In CCPA History_ What The Latest CCPA Enforcement Action Teaches Businesses View More
February 23, 2026
Largest Fine In CCPA History: What The Latest CCPA Enforcement Action Teaches Businesses
Businesses can take some vital lessons from the recent biggest enforcement action in CCPA history. Securiti’s blog covers all the important details to know.
View More
February 19, 2026
AI & HIPAA: What It Means and How to Automate Compliance
Explore how the Health Insurance Portability and Accountability Act (HIPAA) applies to Artificial Intelligence (AI) in securing Protected Health Information (PHI). Learn how to...
California’s Delete Request and Opt-out Platform (DROP) and the Delete Act View More
March 11, 2026
California’s Delete Request and Opt-out Platform (DROP) and the Delete Act
Understand California’s DROP platform and the Delete Act, including compliance timelines, the 45-day cycle, broker obligations, and how to operationalize compliance.
Building A Secure AI Foundation For Financial Services View More
March 3, 2026
Building A Secure AI Foundation For Financial Services
Access the whitepaper and discover how financial institutions eliminate Shadow AI, enforce real-time AI policies, and secure sensitive data with a unified DataAI control...
Emerging AI Security Trends For 2026 View More
March 11, 2026
Emerging AI Security Trends For 2026
Securiti’s latest infographic provides security leaders with a walkthrough of all the emerging AI security trends for 2026 to help them assess and plan...
Safe AI, Accelerated: View More
March 11, 2026
Safe AI, Accelerated: Securing Data & AI Across the Lifecycle
Securiti’s latest infographic dives into the issue organizations face when scaling their AI projects safely, and how best they can address those challenges.
View More
February 18, 2026
Take the Data Risk Out of AI
Learn how to prepare enterprise data for safe Gemini Enterprise adoption with upstream governance, sensitive data discovery, and pre-index policy controls.
View More
December 22, 2025
Navigating HITRUST: A Guide to Certification
Securiti's eBook is a practical guide to HITRUST certification, covering everything from choosing i1 vs r2 and scope systems to managing CAPs & planning...
What's
New