United States of America: Signed Cybersecurity Amendments Bill (SB 127)

On 23 March 2023, the Cybersecurity Amendments Bill (SB 127) was signed by the Utah Governor. The Bill will require companies who own or license computerised data that includes personal information to conduct an investigation when there is a breach of system security in order to determine the likelihood that personal information has been or will be misused for identity theft or fraud purposes. If an investigation reveals that the misuse of personal information for identity theft or fraud purposes has occurred or is reasonably likely to occur, the company would be required to provide notification to each affected Utah resident. Furthermore, companies will be required to notify the Attorney General and the Utah Cyber Center for a breach involving 500 or more state residents and to notify consumer reporting agencies for a breach involving 1’000 or more residents. In addition, the Bill will create the "Utah Cyber Center” in charge of promoting cybersecurity best practices, sharing cyber threat intelligence with governmental entities, and developing incident response plans, among others.