A proposal calling for greater oversight of government data collection and surveillance practices has won approval from state legislators and will become law if signed by the governor.
The legislation, HB243, would create two “privacy officer” positions within Utah government — one appointed by the governor and the other by the state auditor — and would also establish a privacy commission that would develop best practices and review civil liberties concerns.
“What this bill does is it requires a transparent review about government’s use of new surveillance technology and our personal data,” Sen. Kirk Cullimore, R-Sandy, told fellow lawmakers Thursday. “This will enable the Legislature to ensure that the right guardrails and oversight exist to protect civil liberties while still achieving public safety.”
The move follows the recent controversy over state contracts with Banjo, a Park City-based surveillance tech company. Last year, reports surfaced that the founder of the company behind the effort was once an active participant in a white supremacist group and was involved in the shooting of a synagogue. Multiple state agencies suspended or canceled their contracts with Banjo in response to the revelations.
Sen. Todd Weiler, R-Woods Cross, asked Cullimore what would’ve happened if HB243 were in place several years ago when the Utah Attorney General’s Office initially contracted with Banjo. Cullimore said the privacy commission would’ve reviewed the situation and advised the privacy officers who would, in turn, have made a recommendation to the state Legislature.
Under the bill, sponsored by House Majority Leader Francis Gibson, R-Mapleton, the governor, state auditor and attorney general would be in charge of appointing cybersecurity, technology, law enforcement and legal experts to the 12-person privacy commission. The panel would be in charge of crafting “guiding standards” for government privacy practices; developing best practices for storing personal information and data security; and reviewing civil liberties concerns.
They can also make recommendations for legislation on privacy.
One of the new state privacy officers would be appointed by the state auditor and would focus on overseeing the privacy and data policies in Utah’s local governments and state entities not supervised by the governor.
The officer would identify which ones pose the “greatest risk to individual privacy” and could offer suggestions for reform — after which local legislative bodies would have to hold a public hearing on the recommendations, according to the bill.
The second privacy officer created under the bill would be appointed by the governor and tasked with monitoring state agencies. This person would also identify the practices that are most threatening to personal privacy and would highlight specific situations for review and improvement.
The measure passed the Senate on Thursday by a unanimous vote and then earned a final procedural vote of approval in the House.