Utah Law Enforcement Must Now Obtain a Search Warrant to Access Electronic Data

The warrant requirement applies to data stored on electronic devices, as well as data in the hands of designated third-party service providers such as email providers, social media companies, and cloud storage providers. The law arguably covers all types of data maintained in electronic form.

Background

The measure comes on the heels of last year’s 5-4 US Supreme Court decision in Carpenter v. United States, which held that the government’s acquisition of cell phone location information from a wireless carrier was a Fourth Amendment search requiring a warrant supported by probable cause. The Utah law now goes one step further in granting individuals the same expectation of privacy in all of their electronic information or data when law enforcement seeks to access that data.

Under the new law, “electronic information or data” is broadly defined as “information or data including a sign, signal, writing, image, sound, or intelligence of any nature transmitted or stored in whole or in part by a wire, radio, electromagnetic, photoelectronic, or photooptical system.” The definition includes “the location information, stored data or transmitted data of an electronic device.” This means that information stored in electronic files, mobile devices, and other computerized databases, including the signals and technical systems that create such information, will be protected under Utah law. Additionally, after executing a warrant, law enforcement must notify the owner of the data within 14 days of obtaining the data or up to an additional 60 days upon court approval.

While offering large protections, the law does contain several exceptions to the warrant requirement. These include, for example, where (a) a judicially recognized exception applies (e.g., exigent circumstances), (b) the owner of the data gives informed consent, or (c) the “subscriber or customer” of a third-party service provider “voluntarily discloses” the data in a “publicly accessible” manner. All electronic data obtained by law enforcement in violation of the new law will be subject to exclusion from legal proceedings as if it were obtained in violation of the United States Constitution and the Utah Constitution.

The new provisions are expected to become effective in May 2019.

What’s the Takeaway?

This new legislation serves as a reminder that companies should have in place policies and procedures for responding to government requests for electronic data. Following Carpenter on the federal level and this new legislation in Utah (which may inspire legislation in other states), businesses should be aware that electronic data may be subject to additional protections when sought by law enforcement. Internal personnel managing electronic data should be trained to flag legal counsel when receiving a government access request.