DAR File No. 29109

Commerce, Consumer Protection

R152-39

Child Protection Registry Rules

NOTICE OF PROPOSED RULE

DAR File No.: 29109
Filed: 10/06/2006, 01:42
Received by: NL

RULE ANALYSIS

Purpose of the rule or reason for the change:

This rule is amended to reflect changes made to the Child Protection Registry Act as a result of H.B. 417, passed by the Utah State Legislature during the 2006 General Session. Additionally, the rule is amended to establish the procedures called for in Subsection 13-39-202(4) and Subsection 13-39-203(3)(a). (DAR NOTE: H.B. 417 (2006) is found at Chapter 336, Laws of Utah 2006, and was effective 05/01/2006.)

Summary of the rule or change:

The proposed amendment makes changes to the rule to reflect changes made to the Child Protection Registry Act by H.B. 417. The proposed amendment establishes the procedure for a marketer to utilize the provisions of Subsection 13-39-202(4). The proposed amendment also establishes the procedures for senders to qualify for the discounted fee set out in Subsection 13-39-203(3)(a).

State statutory or constitutional authorization for this rule:

Section 13-39-203

Anticipated cost or savings to:

the state budget:

There are no anticipated costs or savings to the state budget. Existing funds will be used.

local governments:

The proposed amendments do not apply to local governments; therefore, no costs or savings are anticipated.

other persons:

The only persons affected by the proposed amendment would be those persons who wish to utilize the provisions of Subsections 13-39-202(4) and 13-39-203(3)(a). Those persons will incur certain costs if they wish to utilize those provisions. Those persons will also derive certain savings if they qualify for the discounted fee offered in Subsection 13-39-203(3)(a).

Compliance costs for affected persons:

There are no increased costs for compliance unless those affected persons wish to utilize the provisions of Subsections 13-39-202(4) and 13-39-203(3)(a).

Comments by the department head on the fiscal impact the rule may have on businesses:

No fiscal impact to business is anticipated as a result of this rule filing beyond those previously addressed in the Legislature's passage of H.B. 417. Francine A. Giani, Executive Director

The full text of this rule may be inspected, during regular business hours, at the Division of Administrative Rules, or at:

Commerce
Consumer Protection
HEBER M WELLS BLDG
160 E 300 S
SALT LAKE CITY UT 84111-2316

Direct questions regarding this rule to:

Thomas Copeland at the above address, by phone at 801-530-6601, by FAX at 801-530-6001, or by Internet E-mail at tcopeland@utah.gov

Interested persons may present their views on this rule by submitting written comments to the address above no later than 5:00 p.m. on:

12/01/2006

This rule may become effective on:

12/08/2006

Authorized by:

Kevin V Olsen, Director

R152. Commerce, Consumer Protection.

R152-39. Child Protection Registry Rules.

R152-39-3. Information Required to Register.

(1) A person desiring to register [an email address]a contact point with the registry shall provide the following information to the provider:

(a) the [email address]contact point the person desires to register;

(b) an affirmation that:

(i) the contact point belongs to a minor;

(ii) a minor has access to the [email address]contact point; or

(iii) the contact point is used in a household in which a minor is present;

(c) an affirmation that the minor [who has access to the email address]referenced in R152-39-3(1)(b) is a Utah resident; and

(d) an affirmation that the person registering the [email address]contact pointis:

(i) the minor referenced in R152-39-3(1)(b); or

(ii) a parent or guardian of the minor [who has access to the email address]referenced in R152-39-3(1)(b).

(2) [An email address]A contact point may not become a part of the registry until the provider sends a message to the contact point informing the user of the contact point:

(a) [the provider sends an email to the email address]the contact point has been registered; and

(b) [the provider receives a response from the email described in R152-393(2)(a) verifying the person's intention to register the email address]the process for removing the contact point from the registry.

(3) A school or institution desiring to register a domain name shall provide verification to the provider that:

(a) the school or institution primarily serves minors; and

(b) the school or institution owns the domain name being registered.

 

R152-39-4. Information Required to Verify Compliance.

A marketer desiring to verify compliance with the registry shall provide the following information to the provider before the provider compares the marketer's [email]contact point list against the registry:

(1) the name, address, and telephone number of the marketer;

(2) the specific legal nature and corporate status of the marketer;

(3) the name, address, and telephone number of a natural person who consents to service of process for the marketer; and

(4) an affirmation that the person described in R152-39-4(3) understands that improper use of information obtained from the registry is a second degree felony.

 

R152-39-5. Compliance.

(1) After a marketer has complied with R152-39-4 and paid the fee established by the Division under Section 13-39-201(4)(b), the marketer may [submit]check the marketer's [email]contact point list [to]with the provider according to the privacy and security measures implemented by the provider.

(2) After a marketer has complied with R152-39-5(1) and paid the fee established by the Division under Section 13-39-201(4)(b), the provider shall, according to the privacy and security measures implemented by the provider, [inform]remove from the marketer's list of [the email addresses from the marketer's email list]contact points any contact points that are contained [in]on the registry.

(3)(a) A marketer who desires to utilize the provisions of Subsection 13-39-202(4) shall:

(i) provide the Division with a detailed description of the methods the marketer intends to use to verify compliance with Subsection 13-39-202(4); and

(ii) agree to provide to the Division, at any time upon request by the Division, copies of all documentation relating to the marketer's compliance with Subsection 13-39-202(4).

(b) Within thirty calendar days after a marketer complies with R152-39-5(3)(a), the Division shall inform the marketer in writing whether the Division considers the marketer's methods sufficient to verify compliance with Subsection 13-39-202(4).

(c)(i) Approval of a verification method for compliance with Subsection 13-39-202(4) does not prevent the Division from investigating further whether the approved verification method actually guarantees compliance with Subsection 13-39-202(4).

(ii) The Division may revoke an approval granted pursuant to R152-39-5(3) upon a finding that the verification method does not adequately guarantee compliance with Subsection 13-39-202(4).

 

R152-39-6. Discounted Fee.

(1) In order for senders to qualify for the discounted fee schedule established pursuant to Subsection 13-39-203(3)(a), a sender must agree to be subject to enhanced security criteria for each subsequent list that they may submit to the state's compliance mechanism. To meet these criteria, senders must affirmatively agree that their scrubbing tasks may be stopped if a particular task deviates from a statistically normal baseline.

(2) The statistical baseline used for comparison will be based on the senders' past histories as well as the totality of the histories of senders that have used the compliance mechanism to scrub their lists.

(3) To restart a task and retrieve the results, senders whose tasks have been stopped must confirm that they in fact initiated the task and that the list submitted is not an attempt to abuse the registry mechanism. Depending on the amount of the deviation from the baseline, this confirmation may come from a telephone call to a pre-established phone number, completing information online, or sending an e-mail to a customer support representative.

(4) The Division, or its appointed representative, shall have discretion in allowing the retrieval of tasks if the confirmation does not resolve the security concerns.

 

KEY: consumer protection, e-mail, minors, advertising

Date of Enactment or Last Substantive Amendment: [August 16, 2005]2006

Authorizing, and Implemented or Interpreted Law: 13-39