The State of Utah (State) is committed to protecting the privacy of those accessing its websites. The purpose of this policy is to inform those accessing State websites about the collection and use of the personally identifiable information of its users.
HB25 Governmental Internet Information Privacy Act Description
Definition of Personally Identifiable Information (PII)
For the purposes of this policy “personally identifiable information” means any information collected online that could serve to identify an individual, such as:
- First and last name
- Physical address
- E-mail address
- Telephone number
- Social Security number
- Credit card information
- Account Number
- Bank account information
- Any combination of personal information that could be used to determine identity
Collection of Information
The following information may be automatically collected and retained if you look or search through our web pages, or download information:
- the Internet domain and Internet Protocol (IP) address of the computer you are using to access our site;
- the type of browser and operating system used to visit our site;
- the date and time of when you access our site; and
- which portions of the website you visit.
The data collected serve as part of our statistical analysis about the use of our websites so we may better design online services and improve access to them. We do not attempt to gain personally identifiable information about individual users and associate it with IP addresses. The State does not use the information automatically collected to ascertain your personally identifiable information.
Except where specified, you do not have to provide personally identifiable information to visit or download information from State websites. Unless you choose to make your personally identifiable information available to us, the State does not collect such information from you. The State does not use or place Spyware on your computer. Be aware that government agencies may request personally identifiable information from you in order to perform requested specialized services.
How Personally Identifiable Information is used by the governmental entity
E-mail or other information requests sent to a State website may be saved and used to respond to the request, forward the request to the appropriate agency, communicate updates to the State site that may be of interest to citizens, or provide the State web designer with valuable customer feedback to assist in improving the website.
Any personally identifiable information an individual provides to a State site will be used solely by the State of Utah, its entities, and third party agents with whom it has contracted to perform a state function on its behalf, unless the information is designated as public record by an individual State agency as authorized under Title 63, Chapter 2, 302, 303, 304 of the Utah Code , entitled “Government Records Access and Management Act” (GRAMA), and the State agency’s website provides conspicuous notice that such information is subject to public access.
The Utah Health Code (Title 26 of the Utah Code) provides for collection, use, and disclosure of information in many ways different than provided in the Government Records Access and Management Act. Notable differences can be found in the Vital Statistics Act (Title 26, Chapter 2), the Utah Medical Examiner Act (Title 26, Chapter 4), the Communicable Disease Control Act (Title 26, Chapter 6), the Utah Health Data Authority Act (Title 26, Chapter 33a), and in Title 26, Chapter 3 (dealing with health statistics).
Collection and Use of Information
Children’s Personally Identifiable Information
Except as otherwise permitted by law, the State does not knowingly collect and use or disclose the personally identifiable information of a child under the age of 13.
The Utah Department of Health collects personally identifiable information on children under age thirteen for public health purposes such as to register births and deaths, to assist schools and health care providers to verify immunization status, to pay for health care services provided to Medicaid and Children’s Health Insurance recipients, and to conduct epidemiological studies to improve the public health of the state.
Personally Identifiable Information
Available or Collected from Governmental Websites
Information collected is subject to the access provisions of GRAMA and other applicable sections of the Utah Code, federal regulations, and federal law. Consequently, certain communications may be subject to public disclosure. However, in these instances you will be notified on either the utah.gov portal or on the agency website under the conditions described below in “State Agency Privacy Policies and How They Relate to This Policy.”
All records that are prepared, owned, received, or retained by a governmental entity that may be reproduced by certain means are considered public, unless they are private, controlled or protected as outlined in Sections 63-2-302, 63-2-303, and 63-2-304 of the Utah Code, or are records to which access is restricted according to court rule, other State law, federal law, or federal regulation. Information that is generally considered public record under GRAMA – and not made confidential elsewhere in the Utah Code or by federal law – may be subject to electronic access through Utah.gov websites.
PII is used by the governmental entities for the purpose of conducting official state business. A governmental entity may share PII with another governmental entity if it is designated as a record that is private, controlled, or protected as described in Section 63-2-206 unless such data sharing is expressly prohibited, authorized or required by federal law, state law, or federal regulation. In some instances a Governor’s directive or executive order may limit or prohibit data sharing even though Section 63-2-206 may permit such data sharing.
Data Security and Quality
The State of Utah is committed to data security and the data integrity of personally identifiable information available from or collected by State government websites. The State has taken precautions to protect personally identifiable information from loss, misuse, or alteration. Any authorized third parties responsible for this information are committed to the same principles, and are required by contract to follow the same policies and guidelines as the State of Utah in protecting this information. Visitors should be aware, however, that even though protections are in place, the State cannot guarantee against the occurrence of hardware failure, unauthorized intrusion or other technical problems.
Procedures for Access by the User to View or Correct Personally Identifiable Information
Unless otherwise prohibited by State law, federal law, or federal regulation, an individual may access and correct personally identifiable information whether or not the inaccuracy was created by accident, unauthorized access, or a change in circumstances. The State also reserves the right to use any legally appropriate measures to prevent, monitor, and investigate any attempt to deface, delete or otherwise tamper with or abuse a State website, server, database, information system or other State technology asset. For a description of the individual processes used by agencies to view or correct PII please use Utah.gov’s “Live Help” section. See also “Security Measures” section.
In some circumstances and for some databases, the Utah Department of Health does not allow the individual to access or correct personally identifiable information. In some of those circumstances, the Utah Department of Health will alter information if allowed by statute or required by court order. Examples include epidemiological information, Medicaid billing information, regulatory enforcement information, and vital records information.
State Agency Privacy Policies and How They Relate to This Policy
A full description of how agencies are to inform you if your personal information is treated any differently than as described in this policy is provided in R365-5-1 et seq. of the Utah Administrative Code, which governs the actions of state agencies.
The collection, use, and dissemination of some information is without the individual’s permission.
Visitors may link to various websites from State web pages. The State is not responsible for the privacy practices or content of external sites. Many of these sites, particularly those in the private sector, may not be subject to GRAMA, other sections of the Utah Code, or federal law. Those visiting external sites are advised to check the applicable privacy statement and be cautious about providing personally identifiable information without a clear understanding of how the information will be used.
If you have questions, comments, or concerns, please contact us by calling 801-538-6003.