Utah Consumer Privacy Act

What is UCPA?


The Utah Consumer Privacy Act (UCPA), officially House Bill 382, aims to protect the privacy of Utah residents by granting them various rights and imposing obligations on businesses that collect and process their personal data.

The consumers rights granted to consumers that businesses must respect are:

  • Right to access and copy personal data.
  • Right to correction of inaccurate data.
  • Right to deletion of personal data under certain circumstances.
  • Right to opt out of the sale of personal data.
  • Right to opt out of targeted advertising.

The business obligations mimic those of all the other US state privacy laws we have seen so far, such as to:

  • Disclose data collection and processing practices in a clear and accessible privacy notice.
  • Limit the processing of data to the purposes stated in the privacy notice.
  • Allow consumers to opt out of the sale of data or from certain kinds of processing.
  • Implement and maintain reasonable security measures to protect personal data.
  • Respond to consumer requests within a reasonable timeframe.

MergeBase and UCPA


MergeBase does not fall within the scope of the Utah Consumer Privacy Act because it does not meet the specific applicability thresholds. Nevertheless, we consistently adhere to the most rigorous data security protocols, ensuring that our practices not only meet but often exceed the security-related requirements of various legislations.

In the sphere of consumer data privacy, our rigorous adherence to the stringent standards of Canadian data protection laws naturally positions us well. This commitment ensures that we inherently meet and frequently surpass US states’ consumer data privacy benchmarks, including those stipulated by the Utah Consumer Privacy Act.


How Can MergeBase Help You Comply with the UCPA?


The UCPA allows you to determine what your “appropriate safeguards” are, enabling you to customize security protocols to suit your organization’s specific requirements.

At MergeBase, we understand that this autonomy comes with a significant responsibility. Our mission is to equip you with the necessary tools and expertise to establish a data security framework that not only meets but exceeds standard compliance expectations.

Our holistic strategy includes:

1. Proactive Risk Assessment — We delve deep to identify potential risks, uncovering hidden vulnerabilities and threats within your systems.

2. Advanced Threat Detection and Response — Our systems strengthen your defenses, rapidly detecting and mitigating cyber threats.

3. Streamlined Compliance Process — We ensure that you navigate UCPA regulations effortlessly and with full confidence.

Partnering with MergeBase enables you to:

  • Confidently achieve and sustain UCPA compliance.

  • Cultivate a robust data security culture within your organization.

  • Significantly reduce the likelihood of data breaches and cyberattacks.

  • Enhance trust and transparency with your clientele.