Newsroom

This complaint is related to a government health lab that was the subject of a previous complaint. The original complainant was concerned about the disposal of lab samples containing personal data. In response to that complaint the lab revised its internal policies and adopted strict procedures for the staff to follow when disposing of samples. The complainant in this matter

The Complainant in this matter was concerned with the governmental entity’s denial ofthe Complainant’s requests to amend or correct a record. The first request to amend or correcta record specifically referenced Utah Code § 63G-2-603. The governmental entity denied therequest under Utah Code § 63G-2-204(1)(a)(ii) because it did not “identify a record”. TheComplainant sent a second request to amend or

The Complainant in this matter was concerned that the governmental entity’s application foremployment requires an applicant to provide their Social Security Number (SS#). TheGovernment Data Privacy Act (GDPA) requires government entities to only “obtain and processonly the minimum amount of personal data reasonably necessary to efficiently achieve aspecified purpose”. See Utah Code § 63A-19-401(2)(a)(ii). Representatives from thegovernmental entity said they

The Complainant in this matter was concerned that the governmental entity sent out a survey,which requested or collected personal data, without a privacy notice. The Government DataPrivacy Act (GDPA) at Subsection 63A-19-402(1) requires a governmental entity to provide aprivacy notice to an individual “from whom the governmental entity requests or collectspersonal data”. Representatives from the governmental entity indicated that they

The Complainant in this matter was concerned that the contact form on the governmentalentity’s website did not include a privacy notice as required by the Government Data PrivacyAct (GDPA). Subsection 63A-19-402(1) requires a governmental entity to provide a privacynotice to an individual “from whom the governmental entity requests or collects personal data”.The Complainant also pointed out that to file a

The Complainant in this matter was concerned that their photo was released by aschool employee in August 2020 without complying with the requirements in the GovernmentRecords Access and Management Act (GRAMA). Subsection 63G-2-204(1)(a) provides that aperson seeking to obtain a record in the possession of a governmental entity must submit awritten request to the governmental entity containing the person’s name,

The Complainant in this matter expressed concerns regarding the use of automatic licenseplate reader systems (ALPR) by two law enforcement agencies (LEAs). The Complainant wasalso concerned with the LEAs’ use, sharing, and retention of the license plate data (Data)obtained from these ALPRs. Specifically, the Complainant was worried that the LEAs mayretain Data, either in databases that are currently in use

The Complainant in this matter was concerned with the amount of personal data contained on their private investigator identification card. The personal data displayed on the identification card includes: The Complainant believed this was an issue given that a licensee may face discipline for refusing to display the identification card to any person having reasonable cause to verify the validity

This complaint was related to several issues, the first was regarding the Age Verification Program which requires establishments licensed by the governmental entity to verify an individual’s age before the individual can enter a bar or purchase alcohol. The Complainant was concerned that although the statute only requires a licensee to verify age if a patron appears to be 35

The complaint in this matter was related to a request for records made pursuant to the Government Records Access and Management Act (GRAMA). The original request was submitted through the governmental entity’s online records request portal. In order to submit a request through this system, an individual must submit the information required by GRAMA in Subsection 63G-2-204(1)(a). This includes the

The complainant in this matter was concerned that a public health lab was improperlydisposing of samples that had labels attached containing personal data. When this issue firstcame to light, the governmental entity that supervised the lab conducted a thorough review todetermine if personal data had been improperly disclosed to or accessed by any unauthorizedindividuals. A review was also conducted by

A concern was raised regarding whether personal data provided to the SafeUT program wasbeing used for research purposes without consent. The SafeUT website states that the datacollected may be used for research purposes in accordance with “institutional policies”. Areview of these policies revealed that consent is required in order to use any personal data forresearch purposes. A representative from the

A concern was raised regarding the privacy practices of the State’s BallotTrax program which allows Utah voters to sign up to receive alerts when their ballot is received and processed. To participate in the program a voter must provide BallotTrax with their name, date of birth, and zip code. The State also provides BallotTrax with voter data. A review of