Utah Administrative Code
The Utah Administrative Code is the body of all effective administrative rules as compiled and organized by the Division of Administrative Rules (Subsection 63G-3-102(5); see also Sections 63G-3-701 and 702).
NOTE: For a list of rules that have been made effective since January 1, 2015, please see the codification segue page.
NOTE TO RULEFILING AGENCIES: Use the RTF version for submitting rule changes.
R152. Commerce, Consumer Protection.
Rule R152-39. Child Protection Registry Rules.
As in effect on January 1, 2015
Table of Contents
- R152-39-1. Authority and Purpose.
- R152-39-2. Definitions.
- R152-39-3. Information Required to Register.
- R152-39-4. Information Required to Verify Compliance.
- R152-39-5. Compliance.
- R152-39-6. Discounted Fee.
- Date of Enactment or Last Substantive Amendment
- Notice of Continuation
- Authorizing, Implemented, or Interpreted Law
Pursuant to Utah Code Section 13-39-203, these rules (R152-39) are intended to establish the procedures under which:
(1) a person may register a contact point with the registry; and
(2) a marketer may verify compliance with the registry.
As used in these rules (R152-39):
(1) "Contact point" is as defined in Utah Code Section 13-39-102.
(2) "Division" is as defined in Utah Code Section 13-39-102.
(3) "Marketer" means a person described in Utah Code Section 13-39-201(4).
(4) "Provider" means the third party with whom the Division has contracted, pursuant to Utah Code Section 13-39-201(1)(b), to establish and secure the registry.
(5) "Registry" is as defined in Utah Code Section 13-39-102.
(1) A person desiring to register a contact point with the registry shall provide the following information to the provider:
(a) the contact point the person desires to register;
(b) an affirmation that:
(i) the contact point belongs to a minor;
(ii) a minor has access to the contact point; or
(iii) the contact point is used in a household in which a minor is present;
(c) an affirmation that the minor referenced in R152-39-3(1)(b) is a Utah resident; and
(d) an affirmation that the person registering the contact point is:
(i) the minor referenced in R152-39-3(1)(b); or
(ii) a parent or guardian of the minor referenced in R152-39-3(1)(b).
(2) A contact point may not become a part of the registry until the provider sends a message to the contact point informing the user of the contact point:
(a) the contact point has been registered; and
(b) the process for removing the contact point from the registry.
(3) A school or institution desiring to register a domain name shall provide verification to the provider that:
(a) the school or institution primarily serves minors; and
(b) the school or institution owns the domain name being registered.
A marketer desiring to verify compliance with the registry shall provide the following information to the provider before the provider compares the marketer's contact point list against the registry:
(1) the name, address, and telephone number of the marketer;
(2) the specific legal nature and corporate status of the marketer;
(3) the name, address, and telephone number of a natural person who consents to service of process for the marketer; and
(4) an affirmation that the person described in R152-39-4(3) understands that improper use of information obtained from the registry is a second degree felony.
(1) After a marketer has complied with R152-39-4 and paid the fee established by the Division under Section 13-39-201(4)(b), the marketer may check the marketer's contact point list with the provider according to the privacy and security measures implemented by the provider.
(2) After a marketer has complied with R152-39-5(1) and paid the fee established by the Division under Section 13-39-201(4)(b), the provider shall, according to the privacy and security measures implemented by the provider, remove from the marketer's list of contact points any contact points that are contained on the registry.
(3)(a) A marketer who desires to utilize the provisions of Subsection 13-39-202(4) shall:
(i) provide the Division with a detailed description of the methods the marketer intends to use to verify compliance with Subsection 13-39-202(4); and
(ii) agree to provide to the Division, at any time upon request by the Division, copies of all documentation relating to the marketer's compliance with Subsection 13-39-202(4).
(b) Within thirty calendar days after a marketer complies with R152-39-5(3)(a), the Division shall inform the marketer in writing whether the Division considers the marketer's methods sufficient to verify compliance with Subsection 13-39-202(4).
(c)(i) Approval of a verification method for compliance with Subsection 13-39-202(4) does not prevent the Division from investigating further whether the approved verification method actually guarantees compliance with Subsection 13-39-202(4).
(ii) The Division may revoke an approval granted pursuant to R152-39-5(3) upon a finding that the verification method does not adequately guarantee compliance with Subsection 13-39-202(4).
(1) In order for senders to qualify for the discounted fee schedule established pursuant to Subsection 13-39-203(3)(a), a sender must agree to be subject to enhanced security criteria for each subsequent list that they may submit to the state's compliance mechanism. To meet these criteria, senders must affirmatively agree that their scrubbing tasks may be stopped if a particular task deviates from a statistically normal baseline.
(2) The statistical baseline used for comparison will be based on the senders' past histories as well as the totality of the histories of senders that have used the compliance mechanism to scrub their lists.
(3) To restart a task and retrieve the results, senders whose tasks have been stopped must confirm that they in fact initiated the task and that the list submitted is not an attempt to abuse the registry mechanism. Depending on the amount of the deviation from the baseline, this confirmation may come from a telephone call to a pre- established phone number, completing information online, or sending an e-mail to a customer support representative.
(4) The Division, or its appointed representative, shall have discretion in allowing the retrieval of tasks if the confirmation does not resolve the security concerns.
consumer protection, e-mail, minors, advetising
December 11, 2006
April 29, 2010
For questions regarding the content or application of rules under Title R152, please contact the promulgating agency (Commerce, Consumer Protection). A list of agencies with links to their homepages is available at http://www.utah.gov/government/agencylist.html or from http://www.rules.utah.gov/contact/agencycontacts.htm.