| Privacy Rights Clearinghouse

The Utah Consumer Privacy Act (UCPA), in effect since December 31, 2023, is the most limited of the state privacy laws and reaches only larger companies, those taking in at least 25 million dollars a year. It gives Utahns no right to correct inaccurate data, and, like Iowa, it lets businesses handle sensitive information as long as they provide a chance to opt out rather than asking permission first.

Header Image - "2025 Data Breach Report" an annual analysis powered by the Data Breach Chronology,examining a year of breach notifications to understand the trends, gaps, and patterns in how breaches happen and how they're disclosed.

2025 Data Breach Report

In 2025, the Data Breach Chronology captured 8,019 data breach notification filings from state and federal agencies that publish breach reports. These represented 4,080 unique breach events impacting at least 375 million individuals. This report examines what those 4,080 breaches tell us about the state of data security, and where the gaps in breach reporting leave consumers in the dark.

When a breach happens, what does your state actually require? 50 questions applied to 51 jurisdictions reveal how notification laws vary on timing, covered data, and consumer remedies.

Data Breach Notification Laws: A 50-State Survey (2026 Edition)

This survey analyzes and compares data breach notification laws across all 50 U.S. states and the District of Columbia. Using a standardized framework of 50 questions, we examined each jurisdiction's requirements for breach notification timing, covered data types, notification recipients, enforcement mechanisms, and consumer remedies.

The survey reflects statutes enacted as of January 1, 2026.

Utah Consumer Privacy Act

2025 Data Breach Report

Data Breach Notification Laws: A 50-State Survey (2026 Edition)

Contact