GDPR and US States General Privacy Laws Deskbook

Page 15 - GDPR and US States General Privacy Laws Deskbook

P. 15

CONTENTS
SUBCHAPTER D. ENFORCEMENT.......................................................................................................................................................................... 417
Sec. 541.151. ENFORCEMENT AUTHORITY EXCLUSIVE. .................................................................................................................................. 417
Sec. 541.152. INTERNET WEBSITE AND COMPLAINT MECHANISM.. ............................................................................................................ 417
Sec. 541.153. INVESTIGATIVE AUTHORITY. . .......................................................................................................................................................... 417
Sec. 541.154. NOTICE OF VIOLATION OF CHAPTER; OPPORTUNITY TO CURE. ...................................................................................... 417
Sec. 541.155. CIVIL PENALTY; INJUNCTION. . ........................................................................................................................................................ 418
Sec. 541.156. NO PRIVATE RIGHT OF ACTION. . ................................................................................................................................................... 418
SUBCHAPTER E. CONSTRUCTION OF CHAPTER; EXEMPTIONS FOR CERTAIN USES OF CONSUMER PERSONAL DATA....... 418
Sec. 541.201. CONSTRUCTION OF CHAPTER. ..................................................................................................................................................... 418
Sec. 541.202. COLLECTION, USE, OR RETENTION OF DATA FOR CERTAIN PURPOSES. . ....................................................................... 419
Sec. 541.203. DISCLOSURE OF PERSONAL DATA TO THIRD-PARTY CONTROLLER OR PROCESSOR. . .............................................. 419
Sec. 541.204. PROCESSING OF CERTAIN PERSONAL DATA BY CONTROLLER OR OTHER PERSON. ................................................. 420
Sec. 541.205. LOCAL PREEMPTION. ........................................................................................................................................................................ 420
Utah Consumer Privacy Act ...................................................................................................................................................................... 421
Part 1. General Provisions . ......................................................................................................................................................................................... 422
13-61-101. Definitions................................................................................................................................................................................................... 422
13-61-102. Applicability. . .............................................................................................................................................................................................. 426
13-61-103. Preemption -- Reference to other laws.. ............................................................................................................................................... 429
Part 2. Rights Relating to Personal Data................................................................................................................................................................. 429
13-61-201. Consumer rights -- Access -- Deletion -- Portability -- Opt out of certain processing.............................................................. 429
13-61-202. Exercising consumer rights...................................................................................................................................................................... 430
13-61-203. Controller’s response to requests.......................................................................................................................................................... 430
Part 3. Requirements for Controllers and Processors. ......................................................................................................................................... 431
13-61-301. Responsibility according to role.. ............................................................................................................................................................ 431
13-61-302. Responsibilities of controllers -- Transparency -- Purpose specification and data minimization -- Consent for secondary use
-- Security -- Nondiscrimination --Nonretaliation -- Nonwaiver of consumer rights....................................................................................... 432
13-61-303. Processing deidentified data or pseudonymous data.. ...................................................................................................................... 433
13-61-304. Limitations................................................................................................................................................................................................... 434
13-61-305. No private cause of action.. ..................................................................................................................................................................... 435
Part 4. Enforcement. ..................................................................................................................................................................................................... 436
13-61-401. Investigative powers of division............................................................................................................................................................. 436
13-61-402. Enforcement powers of the attorney general.. .................................................................................................................................... 436
13-61-403. Consumer Privacy Restricted Account.. ................................................................................................................................................ 437
13-61-404. Attorney general report............................................................................................................................................................................ 437
Effective date.................................................................................................................................................................................................................... 437
Virginia Consumer Data Protection Act ................................................................................................................................................ 438
Chapter 53. Consumer Data Protection Act.. ......................................................................................................................................................... 439
§ 59.1-575. Definitions.. ................................................................................................................................................................................................. 439
§ 59.1-576. Scope; exemptions.................................................................................................................................................................................... 441
§ 59.1-577. Personal data rights; consumers.. ........................................................................................................................................................... 442
§ 59.1-578. Data controller responsibilities; transparency.. ................................................................................................................................... 443
§ 59.1-579. Responsibility according to role; controller and processor.. ............................................................................................................. 445
§ 59.1-580. Data protection assessments.. ................................................................................................................................................................ 445
§ 59.1-581. Processing de-identified data; exemptions.. ........................................................................................................................................ 446
15 | General Privacy Laws Deskbook: US State Laws and GDPR

13 14 15 16 17