While many U.S. states are enacting GDPR-inspired privacy laws, Utah has taken a more business-friendly approach with the Utah Consumer Privacy Act (UCPA). Signed into law in March 2022 and effective as of December 31, 2023, UCPA introduces basic privacy rights for Utah residents—but with narrower scope and fewer obligations compared to laws in California, Colorado, or Connecticut.

For SaaS companies like Walla, UCPA may appear more lenient, but it's still a critical compliance checkpoint if you process data from Utah users. Especially if you're scaling your services across the U.S., understanding UCPA helps align your infrastructure and legal posture early on.

1. Overview of the UCPA

UCPA is the only U.S. state privacy law (as of now) that includes a minimum revenue threshold—$25 million.

2. Consumer Rights Under UCPA

Compared to other state laws, UCPA provides fewer rights to consumers. Here's what users in Utah can request:

• Right to Access: View what personal data is collected and how it's used.

• Right to Delete: Request deletion of data provided directly by the consumer.

• Right to Data Portability: Receive a copy of their personal data in a portable format.

• Right to Opt Out of: Sale of personal data, Targeted advertising

🧠 Note: UCPA does not include the right to correct personal data or opt out of profiling.

3. Key Business Obligations

While the consumer rights are limited, businesses still have responsibilities when processing Utah residents' data:

3-1. Data Security

You must implement “reasonable administrative, technical, and physical data security practices” to protect personal data.

3-2. Data Processing Contracts

If you share data with third parties (processors), you must have binding contracts that outline processing instructions, data confidentiality, and deletion policies.

3-3. Privacy Notice

Publicly disclose:

• Categories of data collected

• Purposes of processing

• How users can exercise their rights

• Whether data is sold or shared for targeted advertising

3-4. Opt-Out Mechanism

Provide clear and accessible options for users to opt out of data sales or targeted ads.

4. UCPA vs. Other U.S. Privacy Laws

📌 UCPA is considered the least burdensome among the five major U.S. privacy laws—making it easier to comply but still important to observe.

5. How Walla Complies with UCPA

Although UCPA is less strict, Walla’s privacy architecture is designed to handle more demanding regimes like GDPR or CPRA—so UCPA compliance is effectively built in.

Walla treats privacy compliance not as a checkbox—but as a core product feature.

6. Final Thoughts

The Utah Consumer Privacy Act (UCPA) represents a lighter-touch approach to data privacy in the U.S. It offers fewer user rights and obligations than other states—but also signals that even conservative jurisdictions are embracing modern privacy standards.

For SaaS builders like Walla, the takeaway is clear:

• Don’t wait for stricter laws—design your product to meet the highest privacy standards today

• Use lighter regulations like UCPA to validate and fine-tune your compliance playbook

• View privacy not as a barrier, but as a differentiator in trust-based markets

+ TL;DR: Walla’s UCPA-Ready Framework

• Region-aware hosting, including U.S. support

• Industry-grade encryption & access controls

• User control over ad tracking and data sharing

• Transparent privacy notices and opt-out tools

• Data sharing contracts with subprocessors

By building for privacy from the ground up, Walla is ready for Utah—and for the evolving privacy landscape across the United States.

https://home.walla.my