On March 27, 2019, Utah Governor Gary Herbert signed HB57, the first U.S. law to protect electronic information that individuals have shared with certain third parties. The bill, called the “Electronic Information or Data Privacy Act,” places restrictions on law enforcement’s ability to obtain certain types of “electronic information or data” of a Utah resident, including (1) location information, stored data or transmitted data of an electronic device, and (2) data that is stored with a “remote computing service provider” (i.e., data stored in digital devices or servers). The law provides for situations in which law enforcement may obtain such information without a warrant.
Another key provision of the bill requires that within 14 days after obtaining such information pursuant to a warrant, law enforcement provide a notification that states (1) a warrant was applied for and granted; (2) the kind of warrant issued; (3) the period of time during which the collection of the electronic information or data was authorized; (4) the offense specified in the warrant application; (5) the identity of the law enforcement agency that filed the application; and (6) the identity of the judge who issued the warrant. A court, however, may grant permission to delay the notification if certain conditions are met.
Representative Craig Hall, R-Utah, who introduced the bill, stated that the goal “is to provide the same protections we have in the physical world and apply those to the electronic world.” The bill is expected to take force in May.