US Lawyer Database

843-966-9603

Menu
Claim your profile

For Lawyer-Seekers

YOU DESERVE THE BEST LAWYER

Claim your profile

For Lawyer-Seekers

Menu

843-966-9603

Section 203 – Controller’s response to requests.

Home » US Law » 2022 Utah Code » Title 13 - Commerce and Trade » Chapter 61 - Utah Consumer Privacy Act » Part 2 - Rights Relating to Personal Data » Section 203 – Controller’s response to requests.

Section 203 – Controller’s response to requests.

Section 203 – Controller’s response to requests.

Effective 12/31/2023
13-61-203. Controller’s response to requests.

  • (1) Subject to the other provisions of this chapter, a controller shall comply with a consumer’s request under Section 13-61-202 to exercise a right.
  • (2)
    • (a) Within 45 days after the day on which a controller receives a request to exercise a right, the controller shall:
      • (i) take action on the consumer’s request; and
      • (ii) inform the consumer of any action taken on the consumer’s request.
    • (b) The controller may extend once the initial 45-day period by an additional 45 days if reasonably necessary due to the complexity of the request or the volume of the requests received by the controller.
    • (c) If a controller extends the initial 45-day period, before the initial 45-day period expires, the controller shall:
      • (i) inform the consumer of the extension, including the length of the extension; and
      • (ii) provide the reasons the extension is reasonably necessary as described in Subsection (2)(b).
    • (d) The 45-day period does not apply if the controller reasonably suspects the consumer’s request is fraudulent and the controller is not able to authenticate the request before the 45-day period expires.
  • (3) If, in accordance with this section, a controller chooses not to take action on a consumer’s request, the controller shall within 45 days after the day on which the controller receives the request, inform the consumer of the reasons for not taking action.
  • (4)
    • (a) A controller may not charge a fee for information in response to a request, unless the request is the consumer’s second or subsequent request during the same 12-month period.
    • (b)
      • (i) Notwithstanding Subsection (4)(a), a controller may charge a reasonable fee to cover the administrative costs of complying with a request or refuse to act on a request, if:
        • (A) the request is excessive, repetitive, technically infeasible, or manifestly unfounded;
        • (B) the controller reasonably believes the primary purpose in submitting the request was something other than exercising a right; or
        • (C) the request, individually or as part of an organized effort, harasses, disrupts, or imposes undue burden on the resources of the controller’s business.
      • (ii) A controller that charges a fee or refuses to act in accordance with this Subsection (4)(b) bears the burden of demonstrating the request satisfied one or more of the criteria described in Subsection (4)(b)(i).
  • (5) If a controller is unable to authenticate a consumer request to exercise a right described in Section 13-61-201 using commercially reasonable efforts, the controller:
    • (a) is not required to comply with the request; and
    • (b) may request that the consumer provide additional information reasonably necessary to authenticate the request.

Enacted by Chapter 462, 2022 General Session