63A-20-801. Complaints and enforcement.
273 words·~1 min read·
/ut/title-63a/chapter-20/63a-20-801A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Effective 5/6/2026
63A-20-801. Complaints and enforcement.
(1)An individual may submit a complaint to the data privacy ombudsperson alleging a violation of this chapter by:
(a)the department;
(b)a digital wallet provider;
(c)a verifier; or
(d)a relying party.
(2)The data privacy ombudsperson may receive and review a complaint described in Subsection
(1).
(3)If, after reviewing a complaint, the data privacy ombudsperson has reasonable cause to believe that a violation of this chapter has occurred, the data privacy ombudsperson may refer the complaint to the attorney general.
(4)Upon receiving a referral under Subsection
(3), or when the attorney general has reasonable cause to believe that a violation of this chapter has occurred, the attorney general is authorized to:
(a)issue civil investigative demands for depositions, documents, and requests for information in the time and manner prescribed by the attorney general; and
(b)bring a civil action in a court of competent jurisdiction to:
(i)enjoin a violation of this chapter;
(ii)obtain declaratory relief regarding compliance with this chapter; or
(iii)recover damages, restitution, and disgorgement on behalf of an individual injured by a violation of this chapter.
(5)The attorney general shall treat all information received in accordance with Subsection
(4)as non-public and confidential unless confidentiality is waived by the providing party, or upon the filing of an enforcement action.
(6)In an action brought under Subsection
(4), the court may award:
(a)injunctive relief;
(b)declaratory relief;
(c)equitable relief including restitution and disgorgement;
(d)actual damages;
(e)costs; and
(f)reasonable attorney fees.
Enacted by Chapter 436 , 2026 General Session