Section 202 – Exercising consumer rights.
Effective 12/31/2023 13-61-202. Exercising consumer rights. (1) A consumer may exercise a right by submitting a request to a controller, by means prescribed by the controller, specifying the right the consumer intends to exercise. (2) In the case of processing personal data concerning a known child, the parent or legal guardian of the known child […]
Section 203 – Controller’s response to requests.
Effective 12/31/2023 13-61-203. Controller’s response to requests. (1) Subject to the other provisions of this chapter, a controller shall comply with a consumer’s request under Section 13-61-202 to exercise a right. (2) (a) Within 45 days after the day on which a controller receives a request to exercise a right, the controller shall: (i) take […]
Section 301 – Responsibility according to role.
Effective 12/31/2023 13-61-301. Responsibility according to role. (1) A processor shall: (a) adhere to the controller’s instructions; and (b) taking into account the nature of the processing and information available to the processor, by appropriate technical and organizational measures, insofar as reasonably practicable, assist the controller in meeting the controller’s obligations, including obligations related to […]
Section 302 – Responsibilities of controllers — Transparency — Purpose specification and data minimization — Consent for secondary use — Security — Nondiscrimination — Nonretaliation — Nonwaiver of consumer rights.
Effective 12/31/2023 13-61-302. Responsibilities of controllers — Transparency — Purpose specification and data minimization — Consent for secondary use — Security — Nondiscrimination — Nonretaliation — Nonwaiver of consumer rights. (1) (a) A controller shall provide consumers with a reasonably accessible and clear privacy notice that includes: (i) the categories of personal data processed by […]
Section 303 – Processing deidentified data or pseudonymous data.
Effective 12/31/2023 13-61-303. Processing deidentified data or pseudonymous data. (1) The provisions of this chapter do not require a controller or processor to: (a) reidentify deidentified data or pseudonymous data; (b) maintain data in identifiable form or obtain, retain, or access any data or technology for the purpose of allowing the controller or processor to […]
Section 401 – Termination or nonrenewal of agreement — Notice — Repurchase obligations.
Effective 5/5/2021 13-58-401. Termination or nonrenewal of agreement — Notice — Repurchase obligations. (1) Except as provided in Section 13-58-402, a manufacturer or distributor may not terminate or fail to renew an agreement with a motorboat dealer unless: (a) the motorboat dealer defaults as described in Section 13-58-301; (b) the manufacturer or distributor gives the […]
Section 402 – Termination without time to cure.
Effective 5/5/2021 13-58-402. Termination without time to cure. A manufacturer or distributor may terminate an agreement with a motorboat dealer upon written notice and without a cure period described in Section 13-58-302, if: (1) the motorboat dealer: (a) financially defaults to the manufacturer, the distributor, or a financing source; (b) becomes subject to an order […]
Section 201 – Misrepresentation of health insurance coverage.
Effective 5/5/2021 13-59-201. Misrepresentation of health insurance coverage. (1) A health care provider or a health care provider’s representative may not represent to an enrollee that the health care provider is a contracted provider under the enrollee’s health benefit plan if the health care provider is not a contracted provider under the enrollee’s health benefit […]
Section 103 – Limitations.
Effective 5/5/2021 13-60-103. Limitations. This chapter does not apply to: (1) protected health information that is collected by a covered entity or business associate as those terms are defined in 45 C.F.R. Parts 160 and 164; (2) a public or private institution of higher education; or (3) an entity owned or operated by a public […]
Section 201 – Consumer genetic information — Privacy notice — Consent — Access — Deletion — Destruction.
Effective 5/5/2021 13-60-201. Consumer genetic information — Privacy notice — Consent — Access — Deletion — Destruction. (1) A direct-to-consumer genetic testing company shall: (a) provide to a consumer: (i) essential information about the company’s collection, use, and disclosure of genetic data; and (ii) a prominent, publicly available privacy notice that includes information about the […]