13-61-304. Limitations.
Effective 12/31/2023
(1)The requirements described in this chapter do not restrict a controller's or processor's ability to:
(a)comply with a federal, state, or local law, rule, or regulation;
(b)comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by a federal, state, local, or other governmental entity;
(c)cooperate with a law enforcement agency concerning activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations;
(d)investigate, establish, exercise, prepare for, or defend a legal claim;
(e)provide a product or service requested by a consumer or a parent or legal guardian of a child;
(f)perform a contract to which the consumer or the parent or legal guardian of a child is a party, including fulfilling the terms of a written warranty or taking steps at the request of the consumer or parent or legal guardian before entering into the contract with the consumer;
(g)take immediate steps to protect an interest that is essential for the life or physical safety of the consumer or of another individual;
(h)(i)detect, prevent, protect against, or respond to a security incident, identity theft, fraud, harassment, malicious or deceptive activity, or any illegal activity; or
(ii)investigate, report, or prosecute a person responsible for an action described in Subsection (1)(h)(i);
(i)(i)preserve the integrity or security of systems; or
(ii)investigate, report, or prosecute a person responsible for harming or threatening the integrity or security of systems, as applicable;
(j)if the controller discloses the processing in a notice described in Section 13-61-302, engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws;
(k)assist another person with an obligation described in this subsection;
(l)process personal data to:
(i)conduct internal analytics or other research to develop, improve, or repair a controller's or processor's product, service, or technology;
(ii)identify and repair technical errors that impair existing or intended functionality; or
(iii)effectuate a product recall;
(m)process personal data to perform an internal operation that is:
(i)reasonably aligned with the consumer's expectations based on the consumer's existing relationship with the controller; or
(ii)otherwise compatible with processing to aid the controller or processor in providing a product or service specifically requested by a consumer or a parent or legal guardian of a child or the performance of a contract to which the consumer or a parent or legal guardian of a child is a party; or
(n)retain a consumer's email address to comply with the consumer's request to exercise a right.
(2)This chapter does not apply if a controller's or processor's compliance with this chapter:
(a)violates an evidentiary privilege under Utah law;
(b)as part of a privileged communication, prevents a controller or processor from providing personal data concerning a consumer to a person covered by an evidentiary privilege under Utah law; or
(c)adversely affects the privacy or other rights of any person.
(3)A controller or processor is not in violation of this chapter if:
(a)the controller or processor discloses personal data to a third party controller or processor in compliance with this chapter;
(b)the third party processes the personal data in violation of this chapter; and
(c)the disclosing controller or processor did not have actual knowledge of the third party's intent to commit a violation of this chapter.
(4)If a controller processes personal data under an exemption described in Subsection (1), the controller bears the burden of demonstrating that the processing qualifies for the exemption.
(5)Nothing in this chapter requires a controller, processor, third party, or consumer to disclose a trade secret.
Enacted by Chapter 462, 2022 General Session