Utah • Lex Graph

13-39 - Child Protection Registry

8 min read

13-39 - Child Protection Registry

Title 13 > 13-39

Sections (9)

General Provisions

13-39-101 - Title.

This chapter is known as the “Child Protection Registry.”

Enacted by Chapter 338, 2004 General Session

13-39-102 - Definitions.

As used in this chapter:

(1) “Attorney general” means the same as that term is defined in Section 77-42-102.

(2) “Contact point” means an electronic identification to which a communication may be sent, including: an email address;an instant message identity, subject to rules made by the unit under Subsection 13-39-203(1);a mobile or other telephone number;a facsimile number; oran electronic address:similar to a contact point listed in this Subsection (2); anddefined as a contact point by rule made by the unit under Subsection 13-39-203(1).

(3) “Registry” means the child protection registry established in Section 13-39-201.

(4) “Unit” means the Internet Crimes Against Children unit within the Office of the Attorney General created in Section 67-5-21.

Amended by Chapter 356, 2019 General Session

Operation of the Child Protection Registry

13-39-201 - Establishment of child protection registry.

(1) The unit shall: establish and operate a child protection registry to compile and secure a list of contact points the unit has received pursuant to this section; orcontract with a third party to establish and secure the registry described in Subsection (1)(a).

(2) A person may register a contact point with the unit pursuant to rules established by the unit under Subsection 13-39-203(1) if:the contact point belongs to a minor;a minor has access to the contact point; orthe contact point is used in a household in which a minor is present.A school or other institution that primarily serves minors may register its domain name with the unit pursuant to rules made by the unit under Subsection 13-39-203(1).The unit shall provide a disclosure in a confirmation message sent to a person who registers a contact point under this section that reads: “No solution is completely secure. The most effective way to protect children on the Internet is to supervise use and review all email messages and other correspondence. Under law, theft of a contact point from the Child Protection Registry is a second degree felony. While every attempt will be made to secure the Child Protection Registry, registrants and their guardians should be aware that their contact points may be at a greater risk of being misappropriated by marketers who choose to disobey the law.”

(3) A person desiring to send a communication described in Subsection 13-39-202(1) to a contact point or domain shall: use a mechanism established by rule made by the unit under Subsection 13-39-203(2); andpay a fee for use of the mechanism described in Subsection (3)(a) determined by the unit in accordance with Section 63J-1-504.

(4) The unit may implement a program to offer discounted compliance fees to senders who meet enhanced security conditions established and verified by the division, the third party registry provider, or a designee.

(5) The contents of the registry, and any complaint filed about a sender who violates this chapter, are not subject to public disclosure under Title 63G, Chapter 2, Government Records Access and Management Act.

(6) The state shall promote the registry on the state’s official Internet website.

Amended by Chapter 356, 2019 General Session

13-39-202 - Prohibition of sending certain materials to a registered contact point — Exception for consent.

(1) A person may not send, cause to be sent, or conspire with a third party to send a communication to a contact point or domain that has been registered for more than 30 calendar days with the unit under Section 13-39-201 if the communication:has the primary purpose of advertising or promoting a product or service that a minor is prohibited by law from purchasing; orcontains or has the primary purpose of advertising or promoting material that is harmful to minors, as defined in Section 76-5c-101.

(2) Except as provided in Subsection (4), consent of a minor is not a defense to a violation of this section.

(3) An Internet service provider does not violate this section for solely transmitting a message across the network of the Internet service provider.

(4) Notwithstanding Subsection (1), a person may send a communication to a contact point if, before sending the communication, the person sending the communication receives consent from an adult who controls the contact point.Any person who proposes to send a communication under Subsection (4)(a) shall:verify the age of the adult who controls the contact point by inspecting the adult’s government-issued identification card in a face-to-face transaction;obtain a written record indicating the adult’s consent that is signed by the adult;include in each communication:a notice that the adult may rescind the consent; andinformation that allows the adult to opt out of receiving future communications; andnotify the unit that the person intends to send communications under this Subsection (4).The unit shall implement rules to verify that a person providing notification under Subsection (4)(b)(iv) complies with this Subsection (4).

Amended by Chapter 173, 2025 General Session

13-39-203 - Rulemaking authority.

In accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act , the unit shall make rules to establish procedures under which:

(1) a person may register a contact point with the unit under Section 13-39-201, including:the information necessary to register an instant message identity; andfor purposes of Subsection 13-39-102(2)(e), an electronic address that is similar to a contact point listed in Subsection 13-39-102(2); anda school or other institution that primarily serves minors may register its domain name with the unit under Section 13-39-201;

(2) the unit shall: provide a mechanism under which a person described in Subsection 13-39-201(3) may verify compliance with the registry to remove registered contact points from the person’s communications; andestablish the mechanism described in Subsection (2)(a) in a manner that protects the privacy and security of a contact point registered with the unit under Section 13-39-201; and

(3) the unit may: implement a program offering discounted fees to a sender who meets enhanced security conditions established and verified by the unit, the third party registry provider, or a designee; andallow the third party registry provider to assist in any public or industry awareness campaign promoting the registry.

Amended by Chapter 356, 2019 General Session

Enforcement

13-39-301 - Criminal penalty.

(1) A person who violates Section 13-39-202 commits a computer crime and is guilty of a: class B misdemeanor for a first offense with respect to a contact point registered with the unit under Subsection 13-39-201(2)(a); andclass A misdemeanor:for each subsequent violation with respect to a contact point registered with the unit under Subsection 13-39-201(2)(a); orfor each violation with respect to a domain name registered with the unit under Subsection 13-39-201(2)(b).

(2) A person commits a computer crime and is guilty of a second degree felony if the person: uses information obtained from the unit under this chapter to violate Section 13-39-202;improperly:obtains contact points from the registry; orattempts to obtain contact points from the registry; oruses, or transfers to a third party to use, information from the registry to send a solicitation.

(3) A criminal conviction or penalty under this section does not relieve a person from civil liability in an action under Section 13-39-302.

(4) Each communication sent in violation of Section 13-39-202 is a separate offense under this section.

Amended by Chapter 356, 2019 General Session

13-39-302 - Civil action for violation.

(1) For a violation of Section 13-39-202, an action may be brought by: a user of a contact point or domain name registered with the division under Section 13-39-201; ora legal guardian of a user described in Subsection (1)(a).

(2) In each action under Subsection (1): a person described in Subsection (1) may recover the greater of:actual damages; or$1,000 for each communication sent in violation of Section 13-39-202; andthe prevailing party shall be awarded costs and reasonable attorney fees.

Enacted by Chapter 338, 2004 General Session

13-39-303 - Administrative enforcement.

(1) The attorney general: shall investigate violations of this chapter; andmay bring an action against a person who violates this chapter.

(2) A person who violates this chapter is subject to: a cease and desist order or other injunctive relief; anda fine of not more than $2,500 for each separate communication sent in violation of Section 13-39-202.

(3) A person who intentionally violates this chapter is subject to a fine of not more than $5,000 for each communication intentionally sent in violation of Section 13-39-202.For purposes of this section, a person intentionally violates this chapter if the violation occurs after the attorney general or a district or county attorney notifies the person by certified mail that the person is in violation of this chapter.

Amended by Chapter 356, 2019 General Session

13-39-304 - Defenses.

It is a defense to an action brought under this chapter that a person:

(1) reasonably relied on the mechanism established by the unit under Subsection 13-39-203(2); and

(2) took reasonable measures to comply with this chapter.

Amended by Chapter 356, 2019 General Session

Graph View

Backlinks