Utah Consumer Privacy Act (UCPA) Awareness Course

Coming Soon: March 2026 Delivery: 100% online Duration: 30-35 minutes Certificate on Completion

0:00

15,000+ learners across our course collection. Immediate access on launch. 14 day 100% money-back guarantee.

Utah took a distinctly business-friendly approach to consumer privacy. The UCPA has higher thresholds for applicability, fewer consumer rights, no data protection assessment requirement, and a permanent cure period - making it notably different from other comprehensive state privacy laws.

This course gives your team practical guidance on the Utah Consumer Privacy Act. We cover who the law applies to, what rights Utah residents have (and don't have), how Utah differs from other state laws, and what the permanent cure period means for compliance.

Understanding Utah's approach is valuable for organisations navigating the patchwork of US state privacy laws. No technical background required - just focused, practical training your team can apply immediately.

Why learn about the UCPA?

Understand the most business-friendly US state privacy law
Know which consumer rights apply in Utah (and which don't)
Understand how Utah differs from Virginia, Colorado, and other states
Leverage the permanent 30-day cure period for compliance flexibility
Avoid penalties of up to $7,500 per violation

Course features

Utah-specific

Focused entirely on the UCPA with Utah-specific requirements, thresholds, and enforcement context.

Practical scenarios

Real-world examples showing how the UCPA applies in everyday business situations.

Comparison insights

Understand how Utah differs from other state privacy laws to streamline multi-state compliance.

Official sources

Built from Utah statutes and official guidance, with references to official documentation.

Learning with us

Course information

Learning outcomes

Understand when and how the UCPA applies to your organisation
Know the rights Utah residents have over their personal data
Understand what makes Utah different from other state privacy laws
Handle consumer requests correctly within required timeframes
Leverage the permanent cure period for compliance flexibility

Training recommendations

All employees who handle customer data should complete this training.
Annual refresher training is recommended to stay current with any regulatory changes.
Teams handling consumer requests may benefit from additional role-specific training.

This course is recommended for

Employees who handle customer data at organisations that conduct business in Utah or target Utah residents. This includes marketing, sales, customer service, HR, IT, and compliance teams.

Prerequisites

There are no prerequisites for this course. No legal or technical background is required.

What do I need for this course?

This course is 100% online and delivered through our online learning platform. Organisations can also access this content via their own LMS on request (SCORM format available).

Course content

Section 1: Understanding Utah's Privacy Framework

In this section we introduce the Utah Consumer Privacy Act and explain why it's considered the most business-friendly of the comprehensive US state privacy laws. We cover when the law applies, who it protects, and the key differences from other state laws.

Lessons

Introduction to the UCPA
Who the law applies to
Key definitions explained
Utah residents and their rights

Section 2: Consumer Rights Under the UCPA

Utah residents have specific rights over their personal data, though fewer than under some other state laws. This section covers what those rights are and how to handle requests - notably, Utah does not include a right to correct data.

Lessons

The right to know
The right to access
The right to delete
The right to data portability
The right to opt out of sales and targeted advertising
No right to correct - understanding the difference
Handling consumer requests

Section 3: Sensitive Data and Consent

Utah requires opt-in consent before processing sensitive data. We explain what counts as sensitive data under Utah law and how to handle consent requirements.

Lessons

What is sensitive data under UCPA?
The opt-in consent requirement
Children's data protections
Practical consent workflows

Section 4: Operational Requirements

This section covers the day-to-day operational requirements including privacy notice requirements, security obligations, and working with processors.

Lessons

Data minimisation principles
Purpose limitation
Security requirements
Processor contracts and obligations
Privacy notice requirements

Section 5: What Makes Utah Different

Utah's approach is notably more business-friendly than other state privacy laws. This section covers the key differences including higher thresholds, no data protection assessment requirement, and different consumer rights.

Lessons

Higher applicability thresholds
No data protection assessment requirement
No universal opt-out mechanism requirement
Limited consumer rights compared to other states
Permanent 30-day cure period

Section 6: Enforcement and Compliance

Understand the enforcement landscape, the permanent 30-day cure period, and what penalties look like under Utah law.

Lessons

Attorney General enforcement
The permanent 30-day cure period
Consumer complaints process
Penalties and remedies
No private right of action

Section 7: Assessment

Test your knowledge with scenario-based questions covering all the key UCPA concepts from the course.

Lessons

Knowledge check (10 questions)

How it works

Step 1

Get notified

Sign up to be notified when this course launches. You'll be among the first to know and can start training your team immediately.

Step 2

Start learning

Each team member will have access to the learning materials and assessment. On completion of the course, team members will be issued with a certificate.

Step 3

Stay compliant

As the UCPA evolves, we'll update the course. Trainees can review updated materials to stay current with any changes.

What's included

Training

Distraction-free online learning platform
Scenario-based end of course assessment

Updates

Access to all course material updates and enhancements for the length of your access period

Certification

Certificate on completion

Course FAQs

Will I get a certificate?

Yes, on completion of the course you will be issued with a digital certificate. It will be issued by our team shortly after completion of the course including the end of course assessment. You can add this to your LinkedIn profile.

Who should take this course?

This course is designed for employees who handle customer data at organisations that may be subject to Utah's privacy law. This includes marketing, sales, customer service, HR, and IT teams.

How is the UCPA different from other US state privacy laws?

The UCPA is considered the most business-friendly US state privacy law. Key differences include: higher applicability thresholds (revenue-based), no data protection assessment requirement, no universal opt-out mechanism requirement, no right for consumers to correct their data, and a permanent 30-day cure period that never expires.

Does the UCPA apply to my organisation?

The UCPA applies to organisations that conduct business in Utah or target Utah residents, have annual revenue of $25 million or more, AND either: (a) control or process personal data of 100,000+ Utah consumers, or (b) derive 50%+ of gross revenue from selling personal data and process data of 25,000+ Utah consumers.

What are the penalties for non-compliance?

The Utah Attorney General can impose civil penalties of up to $7,500 per violation. Importantly, Utah provides a permanent 30-day cure period - if you fix the violation within 30 days of notice, no penalty applies. This cure period does not expire.

Is there a money back guarantee?

Yes, we offer a 14-day 100% money-back guarantee. If you are not satisfied with the course for any reason, simply contact us within 14 days of purchase for a full refund.

How long does the course take?

The course typically takes 30-35 minutes to complete. You can pause and resume at any time, and your progress is automatically saved.