A recent privacy review by Utah’s Office of the State Auditor revealed 66% of Utah’s governmental entities and nonprofit organizations don’t comply in full with the state’s privacy statute.The audit, the first of its kind in Utah, assessed over 1,600 organizations — “counties, cities, school districts, charter schools, water districts, and nonprofits” — to determine whether they meet key requirements of Utah’s Governmental Internet Information Privacy Act. The act requires any organization that gathers peoples’ personal data to publish clear and concise privacy policy statements on their websites. Only 34% met this requirement. While there’s no guarantee against privacy violations, Park City residents can fortunately take several key steps to keep their data as safe as possible. Utah’s state privacy officer, Whitney Phillips, said she intends to support organizations on their journey to compliance. “We plan to first reach out to all government entities to provide them with their compliance determination, as well as additional resources (template, checklist, and training modules) to either become compliant, or improve upon their privacy policy statement,” said Phillips. Philips also said she considers this initial audit to have now set a baseline, which she can use to measure future progress. Notably, she also stressed that the purpose of the audit wasn’t to check whether or not organizations actually adhered to their privacy policies, but rather it focused solely on whether their policies were published (which is a legal requirement). Cyberattacks on government entities are one of the main ways privacy breaches occur. In particular, social engineering attacks, a common type of cyberattack, cost the state of Utah almost $6 million in 2016-22. This highlights the need for organizations to strengthen their cybersecurity practices, in addition to their privacy policies.Fortunately, however, Utah fairs quite well in comparison to rates of cyberattacks in other states. For example, California has the highest number of recorded data breaches between 2005 and 2020 (1,338 incidents), recent data from Network Assured reveals. Next up, New York is the second worst state for data breaches with 618 incidents throughout the same time period, whereas Texas is in third place with 581. Utah doesn’t even make the top ten — which is good news for Park City residents. Although there’s no way to guarantee personal data will ever be 100% safe once shared, Park City residents should get proactive about data privacy, and take key steps to keep theirs as secure as possible. So, to start, always check the URL of any website visited begins with a padlock symbol and “https.” This indicates the site is secure and it’s safe to share personal data. Otherwise, if you enter sensitive information on a plain HTTP site, it can technically now be exposed and accessible to hackers and malicious actors.  Similarly, it’s also safer to avoid free public wifi, as most of these networks typically have little security protections in place. That means anyone else on the network will find it relatively easy to access your activity. So only make purchases or enter personal information on your secure, home network. It’s also essential to give out your Social Security number only when really necessary — usually for employment, medical payments, or certain financial transactions. Once they get a hold of people’s SSNs, scammers can use them to access bank accounts or steal identities. And the main way hackers gain unauthorized access to SSNs is due to data breaches among the organizations that store these details. So, if you keep the number of times you share your SSN to a minimum, this will lower the likelihood of your details being exposed in a breach. Philips ultimately wants the recent audit to have a positive impact on privacy compliance, so the results will improve in the next assessment. “I hope to see significant improvement of compliance when we reassess,” she said. “I especially want to see an increase in compliance with government entities that pose a higher-risk level. Being transparent about how personally-identifiable information is collected, used, shared and protected can build the public’s trust in Utah’s government entities.” Briana Hilton spent almost 10 years working in city planning for Salt Lake City Corp. before returning to Park City and starting a family. The post Guest Editorial: Two-thirds of state government doesn’t comply with privacy laws appeared first on Park Record.