IDC Names Securiti a Worldwide Leader in Data Privacy


Utah’s Consumer Privacy Act (UCPA)

Operationalize Privacy Act compliance with the most comprehensive PrivacyOps platform

Last Updated on December 4, 2023

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


The Utah Consumer Privacy Act (UCPA) was signed into law in March 2022, making Utah the fourth state within the United States to draft and adopt a comprehensive data protection regulation. The law shall come into effect on December 31, 2023.

The UCPA applies to any controller or processor who:

  1. conducts business in Utah or produces a product or service that is targeted to consumers who are residents of Utah;
  2. has annual revenue of $25,000,000 or more; and
  3. satisfies one or more of the following thresholds:
    1. during a calendar year, controls or processes personal data of 100,000 or more consumers; or
    2. derives over 50% of the entity's gross revenue from the sale of personal data and controls or processes the personal data of 25,000 or more consumers.

The Utah Attorney General has the exclusive authority to enforce the UCPA and can recover actual damages to the consumer in addition to a civil penalty of up to $7,500 for each violation.

The Solution

Securiti empowers all organizations to ensure compliance with each provision of UCPA with the help of its plethora of products, which include, but are not limited to, AI-driven data discovery, DSR automation, universal consent management, autonomous documented accountability, data breach management, and vendor risk assessment.

The solutions mentioned above are backed up by state-of-the-art artificial intelligence and machine-learning-based algorithms, making Securiti a market leader in providing data compliance and governance solutions.

Utah's Solution

See how our comprehensive PrivacyOps platform helps you comply with various sections of the UCPA.

Request a demo today to learn how Securiti can aid your and your organization's compliance with UCPA.

Assess UCPA Readiness

UCPA §13-61-102

Automate regular internal assessments of various internal data-related activities and mechanisms to evaluate their effectiveness and make appropriate adjustments accordingly. Doing so ensures that any potential gaps and blindspots are identified and addressed swiftly.

Utah's Readiness
Utah’s Map Data to Discover Sensitive Personal Information

Map Data to Discover Sensitive Personal Information

UCPA §13-61-101(32)

Leverage dedicated data mapping, classification, and cataloging modules to ensure you gain real-time insights related to your organization’s data infrastructure.

Automate Data Classification & Labeling

UCPA §13-61-101(14), UCPA §13-61-101(24), UCPA §13-61-101(28), UCPA §13-61-101(32), UCPA §13-61-303

Classify & label data without your organization's data infrastructure to ensure appropriate security controls are enabled on the most sensitive data in your organization. Leverage the same module to identify sensitive files such as consent forms and financial statements and record them under appropriate categories.

Utah's Automate Data Classification & Labeling
Utah's Automate Data Subject Rights Requests

Automate Data Subject Rights Requests

UCPA §13-61-201, UCPA §13-61-202, UCPA §13-61-203

Automate the entire process related to fulfilling consumer data rights requests and gain real-time updates on the status of each request via the central dashboard.

Continuous Monitoring & Tracking

UCPA Governance

Ensure absolute compliance with the appropriate regulatory requirements via deep insights into all data subjects’ consent statuses via the central dashboard. This allows for any potential processing or transfer of data to occur only per the relevant consent requirements.

Utah's Continuous Monitoring & Tracking
Utah's Automate People Data Graph

Automate People Data Graph

UCPA Governance

Discover personal information stored across all your internal and external systems within the organization and link them back to a unique data subject. Also, visualize personal data sprawl and identify compliance risks.

Automate Data Protection Impact Assessment (DPIA)

PPDPL Regulations Article 41

Automate the execution of a data protection impact assessment (DPIA) to ensure it is conducted at regular intervals, giving you ample time, data, and insights to take appropriate actions if necessary.

Utah's Automate Data Protection Impact Assessment (DPIA)
Utah's Manage Vendor Risk

Manage Vendor Risk

UCPA §13-61-301

Keep track of all the organization's third-party vendors' data processing activities in real-time to ensure their data processing practices in relation to the data shared with them comply with the applicable legal requirements.

Breach Response Notification

Utah Code § 13-44-202

Automate data breach response notifications to all concerned stakeholders as soon as legally obliged by leveraging a knowledge database on security incident diagnosis and response.

Utah's Breach Response Notification
Utah's Assess Data Protection Measures & Enable Appropriate Security Controls

Assess Data Protection Measures & Enable Appropriate Security Controls

UCPA §13-61-302(2)

Leverage several data security-oriented products and modules, such as access controls and identity management, to instill appropriate security controls to ensure all data with your organization's data infrastructure is adequately protected.

Privacy Policy & Notice Management

​​UCPA §13-61-302(1)

Automate the generation of a privacy policy that adequately informs individuals about your organization's data processing practices while fully complying with all applicable law provisions.

Utah's Privacy Policy & Notice Management
Utah's Monitor & Track Consent

Monitor & Track Consent

UCPA §13-61-302(3)

Ensure compliance with the UCPA's consent-related provisions across all major data processing activities by monitoring data subjects’ consent status via the central dashboard. Doing so allows organizations to prevent any processing or potential transfer, sharing, or selling of data to third parties unless explicitly consented to by the data subjects.

Enable Opt-out Mechanisms

​​UCPA §13-61-201(4), UCPA §13-61-302(3)

Leverage DSR automation modules to receive and proactively register any data subject opt-out requests and address such requests with global privacy controls (GPC).

Utah's Enable Opt-out Mechanisms

Key Rights Under Utah’s Consumer Privacy Act

Right to Access

Data subjects have the right to confirm whether a controller is processing their personal data and request access to that data.

Right to Delete

Data subjects have the right to request the deletion of their personal data. However, this right only applies to the data the organization may have collected directly from the data subject.

Right to Data Portability

Data subjects have the right to request a copy of their personal data that the data subject previously provided to the controller. The data must be provided in a portable and readily usable format to the extent technically feasible and practicable.

Right to Opt-out of Data Processing

Data subjects have the right to opt out of the processing of their personal data for the purposes of targeted advertising. Data subjects also have the right to opt out of the sale of their personal data.

Facts Related to the Utah Consumer Privacy Act

Here are some important facts to know about the Utah Consumer Privacy Act:


All organizations have 45 days to comply with a data subject’s request to exercise a right, starting from the day on which the request is received;


A controller can seek a 45-day extension to the original timeline to comply with a data subject request if it is deemed reasonably necessary to comply with the request, owing to its complexity or volume of requests;


The Act empowers Utah’s Consumer Protection Division to manage a system to accept consumer complaints and investigate claims of infringement; and


Per the UCPA, there is no private right of action.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report