Scantra
SEO & Compliance Monitor

Utah Website Compliance Requirements

medium risk

Utah's UCPA is the most business-friendly of the comprehensive state privacy laws — higher revenue thresholds, opt-out only (no opt-in for sensitive data), and no data protection assessment requirement.

Last reviewed 2026-06-19 · Risk rating rationale: The $25M revenue floor exempts most SMBs. Mid-market businesses with significant Utah customer bases are the primary group affected.

Find out in 10 seconds whether your site meets Utah's requirements

Scantra runs a free, no-account, 9-check audit of your homepage covering privacy policy, contact info, CCPA-style opt-out, security headers, accessibility, and SEO basics. Most Utah sites we scan fail at least three.


No credit card · Email required so we can send you the full results.

Key Utah laws affecting websites

The statutes most likely to apply to a commercial website serving Utah residents.

UCPA

Utah Consumer Privacy Act · Effective 2023

Applies to: Entities with annual revenue of $25M+ that either (a) control or process data of 100,000+ Utah consumers, or (b) derive 50%+ of revenue from data sale AND control or process data of 25,000+ Utah consumers.

What your website must do

  • Privacy notice with categories of data, purposes, sale, and rights
  • Opt-out of targeted advertising and data sale
  • Notice + opt-out (NOT opt-in) for sensitive data — UCPA is unique in this
  • Access, deletion, portability rights
  • Respond to verified requests within 45 days

Citation: Utah Code Ann. § 13-61-101 et seq.

Utah compliance by topic

Consumer data protection

State-specific rule applies

What your site has to disclose, ask consent for, and allow consumers to do with their personal information.

UCPA provides standard access/deletion/portability/opt-out rights but does not include correction. No data protection assessment requirement.

Practical requirements for your website

  • Privacy notice with the categories of personal data and any sale
  • Opt-out from targeted ads and from sale of personal data
  • Verify requests within 45 days

Cookies and tracking

Federal law applies

When you need consent, opt-outs, or to honor universal opt-out signals for cookies and analytics scripts.

No cookie banner required. Honoring the Global Privacy Control (GPC) signal is not mandated.

Practical requirements for your website

  • Provide a privacy choices link if you use targeted advertising cookies

Accessibility (ADA + state)

Federal law applies

WCAG conformance expectations and how the state's accessibility cases tend to be litigated.

Federal ADA Title III applies.

Practical requirements for your website

  • WCAG 2.1 AA conformance

Cybersecurity and breach response

Federal law applies

What 'reasonable security' looks like under state law and how fast you have to notify after a breach.

Federal FTC Act applies.

Practical requirements for your website

  • Material connection disclosures

Email and SMS marketing

Federal law applies

How federal CAN-SPAM and TCPA interact with state-level marketing rules in this jurisdiction.

Federal CAN-SPAM applies.

Practical requirements for your website

  • Accurate headers, functional unsubscribe, physical address

AI regulation

Federal law applies

Which AI uses the state has chosen to regulate, who's covered, and what the website has to disclose.

No AI-specific law. UCPA does not include opt-out from profiling.

Practical requirements for your website

  • Federal FTC Act prohibits unfair or deceptive AI use

Frequently asked questions about Utah website compliance

Does UCPA apply to my Utah-based small business?

Probably not. UCPA's $25M revenue threshold exempts most small and mid-market Utah businesses. Even if you're below the threshold, you should still comply with federal CAN-SPAM, ADA Title III, and FTC Act — and CCPA if you do business with California consumers.

Why doesn't UCPA require opt-in for sensitive data?

The Utah legislature deliberately took a more business-friendly approach than Virginia, Colorado, and Connecticut. UCPA requires NOTICE plus the ability to opt out of sensitive data processing, not affirmative opt-in. This is unique among state privacy laws.

Ready to check your own site against Utah's requirements?

The same free 9-rule scan, no signup needed. Two of the findings include drafted fixes you can copy/paste; full results (and ongoing monitoring) come with a free account.


Important: Scantra is a software tool and a non-profit publisher, not a law firm. The summaries on this page are written for general business orientation and reflect the editors' reading of the statutes as of 2026-06-19. They are not legal advice and should not be the only source you rely on for compliance decisions. For your specific situation, consult a licensed attorney in Utah.