Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · Utah · Title 63A — Utah Government Operations Code · Chapter 19

63A-19-101. Definitions.

1,299 words·~6 min read·/ut/title-63a/chapter-19/63a-19-101·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Effective 5/6/2026
63A-19-101. Definitions.
As used in this chapter:
(1)"Anonymized data" means information that has been irreversibly modified so that there is no possibility of using the information, alone or in combination with other information, to identify an individual.
(2)"At-risk government employee" means the same as that term is defined in Section 63A-19-408 .
(3)"Automated decision making" means using personal data to make a decision about an individual through automated processing, without human review or intervention.
(4)"Biometric data" means the same as that term is defined in Section 13-61-101 .
(a)"Chief administrative officer" means the same as that term is defined in Section 63A-12-100.5 .
(b)"Chief administrative officer" for a municipality may be, in the municipality's discretion, a separate and distinct role from the chief administrative officer role described in Section 11-50-202 .
(6)"Chief privacy officer" means the individual appointed under Section 63A-19-302 .
(7)"Commission" means the Utah Privacy Commission established in Section 63A-19-203 .
(8)"Contract" means an agreement between a governmental entity and a person for goods or services that involve personal data.
(a)"Contractor" means a person who:
(i)has entered into a contract with a governmental entity; and
(ii)may process personal data under the contract.
(b)"Contractor" includes a contractor's employees, agents, or subcontractors.
(10)"Cyber Center" means the Utah Cyber Center created in Section 63A-16-1102 .
(11)"Data breach" means the unauthorized access, acquisition, disclosure, loss of access, or destruction of personal data held by a governmental entity, unless the governmental entity concludes, according to standards established by the Cyber Center, that there is a low probability that personal data has been compromised.
(12)"Data privacy complaint" means a complaint or concern raised by an individual regarding:
(a)an alleged infringement on the individual's data privacy interests described in Subsection 63A-19-102(1) ; or
(b)a governmental entity's data privacy practices described in Part 4, Duties of Governmental Entities.
(13)"De-identified data" means information from which personal data has been removed or obscured so that the information is not readily identifiable to a specific individual, and which may not be re-identified.
(14)"Genetic data" means the same as that term is defined in Section 13-60-102 .
(15)"Governing board" means the Utah Privacy Governing Board established in Section 63A-19-201 .
(16)"Governmental entity" means the same as that term is defined in Section 63G-2-103 .
(17)"Government website" means a set of related web pages that is operated by or on behalf of a governmental entity and is:
(a)located under a single domain name or web address; and
(b)accessible directly through the internet or by the use of a software program.
(a)"High-risk processing activities" means a governmental entity's processing of personal data that may have a significant impact on an individual's privacy interests, based on factors that include:
(i)the sensitivity of the personal data processed;
(ii)the amount of personal data being processed;
(iii)the individual's ability to consent to the processing of personal data; and
(iv)risks of unauthorized access or use.
(b)"High-risk processing activities" may include the use of:
(i)facial recognition technology;
(ii)automated decision making;
(iii)profiling;
(iv)genetic data of a living person;
(v)biometric data; or
(vi)specific geolocation data.
(19)"Independent entity" means the same as that term is defined in Section 63E-1-102 .
(20)"Individual" means the same as that term is defined in Section 63G-2-103 .
(21)"Legal guardian" means:
(a)the parent of a minor; or
(b)an individual appointed by a court to be the guardian of a minor or incapacitated individual and given legal authority to make decisions regarding the person or property of the minor or incapacitated individual.
(22)"Office" means the Utah Office of Data Privacy created in Section 63A-19-301 .
(23)"Ombudsperson" means the data privacy ombudsperson appointed under Section 63A-19-501 .
(24)"Person" means the same as that term is defined in Section 63G-2-103 .
(25)"Personal data" means information that is linked or can be reasonably linked to an identified individual or an identifiable individual.
(26)"Privacy annotation" means a summary of personal data contained in a record series as described in Section 63A-19-401.1 .
(27)"Privacy practice" means a governmental entity's:
(a)organizational, technical, administrative, and physical safeguards designed to protect an individual's personal data;
(b)policies and procedures related to the acquisition, use, storage, sharing, retention, and disposal of personal data; and
(c)practice of providing notice to an individual regarding the individual's privacy rights.
(28)"Process," "processing," or "processing activity" means any operation or set of operations performed on personal data, including collection, recording, organization, structuring, storage, adaptation, alteration, access, retrieval, consultation, use, disclosure by transmission, transfer, dissemination, alignment, combination, restriction, erasure, or destruction.
(29)"Profiling" means any form of automated processing performed on personal data to evaluate, analyze, or predict an identified or identifiable individual's economic situation, health, personal preferences, interests, reliability, behavior, location, or movements..
(a)"Purchase" or "purchasing" means the exchange of monetary consideration to obtain the personal data of an individual who is not a party to the transaction.
(b)"Purchase" or "purchasing" does not include payment from one governmental entity to another governmental entity for access to a record in accordance with Section 63G-2-203 .
(31)"Record" means the same as that term is defined in Section 63G-2-103 .
(32)"Record series" means the same as that term is defined in Section 63G-2-103 .
(33)"Retention schedule" means a governmental entity's schedule for the retention or disposal of records that has been approved by the Records Management Committee pursuant to Section 63A-12-113 .
(a)"Sell" means the transfer of personal data in exchange for monetary consideration by a governmental entity to a third party.
(b)"Sell" does not include a fee:
(i)charged by a governmental entity for access to a record pursuant to Section 63G-2-203 ; or
(ii)assessed in accordance with an approved fee schedule.
(35)"Specific geolocation data" means the same as that term is defined in Section 13-61-101 .
(a)"State agency" means the following entities that are under the direct supervision and control of the governor or the lieutenant governor:
(i)a department;
(ii)a commission;
(iii)a board;
(iv)a council;
(v)an institution;
(vi)an officer;
(vii)a corporation;
(viii)a fund;
(ix)a division;
(x)an office;
(xi)a committee;
(xii)an authority;
(xiii)a laboratory;
(xiv)a library;
(xv)a bureau;
(xvi)a panel;
(xvii)another administrative unit of the state; or
(xviii) an agent of an entity described in Subsections (36)(a)(i) through
(xvii).
(b)"State agency" does not include:
(i)the legislative branch;
(ii)the judicial branch;
(iii)an executive branch agency within the Office of the Attorney General, the state auditor, the state treasurer, or the State Board of Education; or
(iv)an independent entity.
(37)"Synthetic data" means artificial data that:
(a)is generated from personal data; and
(b)models the statistical properties of the original personal data.
(38)"User" means an individual who accesses a government website.
(a)"User data" means any information about a user that is automatically collected by a government website when a user accesses the government website.
(b)"User data" includes information that identifies:
(i)a user as having requested or obtained specific materials or services from a government website;
(ii)internet sites visited by a user;
(iii)the contents of a user's data-storage device;
(iv)any identifying code linked to a user of a government website; and
(v)a user's:
(A)IP or Mac address; or
(B)session ID.
(40)"Website tracking technology" means any tool used by a government website to:
(a)monitor a user's behavior; or
(b)collect user data.
Amended by Chapter 202 , 2026 General Session
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.