The state of Utah collects our private, identifiable information directly when we apply for government services. It also collects huge amounts of our most sensitive personal and medical information from a wide range of outside sources. Once the state has our information, it uses it as it sees fit with an appalling lack of transparency. In fact, when it comes to handling our personal information the state of Utah deserves an “F.”

The state routinely shares our highly sensitive personal identifiable and medical information for purposes that have nothing to do with the reason the data was originally collected. When asked, state agencies are frequently unable and/or unwilling to tell us what information they have on us and with whom they are sharing it. Furthermore, it is not always clear what authority state agencies have that allows them to share our information without our prior written consent.

Most of us don’t know that our health insurance claims are entered into the Department of Health and Human Services’ All Payer Claims Database. This includes our insurance billings complete with diagnostic codes that reveal the reason for the visit — an ingrown toenail, a vaccination or a very personal procedure. This database also includes our pharmacy and dental claims.

We are not told that identifiable records related to cancer, birth defects, autism, etc. are given to the University of Utah. Our driver’s license records complete with our birth dates, mothers’ maiden names, gender and social security numbers are also given to the “U” and all of these records are maintained in the Utah Population Database. This information may then be made available to academic researchers without our knowledge or consent.

The state also sells the Utah Voter Database and unless we have made our records at least semi-private, our information is then posted to voterrecords.com complete with a map to our residences and a list of our neighbors with links to their information. In addition, with limited exceptions, any declared candidate or political party can buy our voter registration information complete with our birth year. They then give our information to their volunteers, contractors, signature gatherers, etc. even if we check the box to make our records private. The “U” also receives this information. In addition, the lieutenant governor’s office gives our voter registration and drivers license information to a nonprofit organization that purportedly helps “states improve the accuracy of America’s voter rolls” regardless of whether we have made our records private or not.

The sharing of our personal identifiable information has important implications for each of us. Every time the state shares records containing our information without our explicit consent, it puts us at risk. These records are now in more databases and in more hands making it more likely that our information will be lost in a cyberattack or misused, and that can adversely affect everything from our careers to our personal safety.

Theoretically, we can find what specific records a state agency holds on us and whom they are sharing them with but the process for doing that is cumbersome and heavily weighed against us.

Unfortunately, the Legislature sees our personal identifying and medical information as something to be shared far and wide without our consent while Gov. Cox appears to be severely conflicted on privacy issues. For example, in February, Cox issued an executive order to improve data sharing among state agencies. In March, he signed H.B. 303, which requires Utah voters who had previously made their personal identifying and voting information private to give key elements of it to the political parties, candidates and to all of their contractors, volunteers, consultants, etc. Then in April, Cox issued another order “directing Utah’s chief privacy officer to create a strategic plan to safeguard the personal information of Utahns.”

As Utahns, we have a right to expect that the state of Utah will protect the personal and medical information that it collects on us and that it will only use our information for the specific purpose it was obtained. After all, the state’s role is to protect our information, not to spread it far and wide.

Ronald Mortensen, Ph.D., is a retired United States Foreign Service officer and humanitarian. He has written extensively on privacy and advocates for the state to stop selling and sharing our information without our consent. Judith Pinborough-Zimmerman, Ph.D., works to stop the misuse of our health-related records collected by the state. Her request to obtain information about her identifiable records that the Department of Health and Human Services shared with third parties was denied.

Newsletter