graphic of a white sheet of paper on blue background

What is UCPA?

The Utah Consumer Privacy Act (UCPA), introduced in 2023, protects the personal data of Utah residents by providing rights such as data transparency, access, and control.

Where does the UCPA apply to?

The UCPA applies to businesses that meet certain criteria, including having annual revenue of $25 million or more, processing the personal data of 100,000 or more Utah residents each year, or earning over 50% of their revenue from selling personal information.

white sheet of paper against a blue background graphic
graphic of a white magnifying glass against a blue background

What Are the Possible Reasons for UCPA Penalties?

Enforcement of the UCPA involves consumer complaints managed by the Division of Consumer Protection. Persistent violations may lead to action from the attorney general, resulting into fines.

Who is Liable for UCPA Penalties?

If an organization violates the personal data protection requirements in the UCPA, the Attorney General can take legal action against them.

graphic of a building in white against a blue background
white sheet of paper graphic against a blue background with shield in front of it

What Are the UCPA Penalties for
Non-Compliance?

If the Utah Attorney General identifies a violation of the law by a controller or processor, the organization can be fined up to $7,500 per violation. However, the UCPA provides a 30-day cure period, allowing violators 30 days to correct the issue.

Get the UCPA checklist for Free

Improve the effectiveness of your compliance strategy now.

Download checklist
graphic of a white notepad page against a black background

Frequently Asked Questions

What are the responsibilities of Data Processors?

Data processors must comply with the UCPA when handling consumer data. This includes granting consumers the right to access, delete, and opt out of the sale of their data, as well as providing a clear privacy policy outlining data collection, use, and sharing practices. Data processors are also responsible for protecting consumer data from misuse and breaches.

How the UCPA is enforced?

The Utah Consumer Privacy Act (UCPA) is enforced by the Utah Attorney General’s Office, which investigates violations and conducts audits to ensure compliance. The Attorney General can seek civil penalties, damages, and injunctive relief for willful violations. Consumer complaints or inquiries regarding the UCPA can be submitted to the Attorney General’s Office for investigation and action when necessary.

What Are the Requirements of the UCPA?

The UCPA requires businesses to give consumers rights over their data, including access, deletion, and opting out of data sales. Businesses must inform consumers of any data breaches or misuse and provide transparency on how their data is being used. Additionally, businesses must offer a privacy policy detailing how consumer data is collected, used, and shared.

How to make my business compliant with the UCPA?

To assure UCPA compliance for your business, start by implementing clear data protection policies and procedures. One of the easiest ways to simplify compliance is by using a Consent Management Platform (CMP) like Consentmo, which is designed specifically for Shopify stores. Our app helps you manage cookie consent, data requests, and user rights, verifying your store meets UCPA requirements without hassle.

Is your site compliant?