The City prioritizes privacy and data security. The privacy policy outlines the City’s commitment to safeguarding personal data in compliance with applicable laws and regulations as well as the Utah Fundamental Privacy Principles.
Definitions:
Personal Data Information that is linked or can be reasonable linked to an identified individual or an identifiable individual.
Processing An operation or set of operations performed on personal data, including collection, recording, organization, structuring, storage, adaptation, alteration, access, retrieval consultation, use, disclosure by transmission, transfer, dissemination, alignment, combination, restriction, erasure, or destruction.
Sale of Data The exchange of personal data for monetary consideration by a governmental entity to a third party.
General Rules
Each City employee, volunteer, contractor, or other person providing services to the City who has access to personal data is obligated to follow this policy and adhere to the Utah Fundamental Privacy Principles.
Each person with access to personal data is obligated, to the best of their ability, to only work with the minimal amount of data needed, and to protect the data they have been entrusted with, to ensure data is not inappropriately shared or exposed and to prevent over-collection and over-retention.
Each person with access to personal data will receive training both at the start of employment or work with the City and on at least an annual basis thereafter.
Each person with access to personal data is responsible for reporting personal data incidents or other adverse events they observe to their manager or IT department head without delay.
Each person with access to personal data is only allowed to access data to which they have a legitimate need to know and report to their manager or IT director if they believe they have wider access than needed.
Persons with access to personal data are not permitted to engage in sale of personal data unless it is required by law. Fees charged for access to records are not considered sale of personal data.
Data Collection and Usage
The City collects and process personal data only for specific, lawful purposes and follows the Utah Fundamental Principles for Data processing.
Personal data ill only be used solely for the purpose it was collected, unless consent or legal obligations require otherwise.
The City does not sell or otherwise monetize personal data.
Personal data is deleted once its retention period expires and the data is no longer needed.
Data Access and Sharing
Access to personal data is restricted to authorized personnel.
The City shares personal data with third parties only when necessary and in compliance with data protection regulations and under contracts that include necessary data security requirements.
Data Retention
The City retains personal data only as long as needed for its intended purpose or as legally required.
The City generally adheres to state retention schedules available from the Utah Division of Archives and Records Service.
Data Security
We employ security measures to protect personal data, including encryption and access controls.
Those security measures include those required under applicable law including Utah Government Records Access Management Act (GRAMA), the Utah Government Data Privacy Act, and HIPPA. Hard copies of records are kept in secure, employee only areas of City facilities. Electronic data is stored in accordance with best practices.
Data Subject Rights
Individuals have rights under respective laws, such as GRAMA, that may include access, rectification, erasure, data portability, and objection to data processing rights.
Data Breach Response
The City has procedures to detect, report, and respond to data breaches promptly, including notifying affected individuals and authorities.
These procedures include the following:
The Designated Security Officer (DSO) or Incident Response Team (IRT) will evaluate any suspected or alleged data breach within 24 hours to confirm whether a breach has occurred, the scope of the breach, and the type of personal data involved.
Upon confirming a breach, City will isolate affected systems from the network to prevent further exposure, disable compromised accounts or devices, implement measures to stop unauthorized access or data extraction, apply security patches or updates to affected systems, resent compromised credentials, continuously monitor systems for signs of ongoing threats.
City will ensure notification is provided to affected individuals.
The IRT will investigate the breach to identify vulnerabilities or gaps in security protocols.
Systems and services will be restored only after confirming the breach is fully contained and vulnerabilities addressed.
Post-incident review will evaluate the effectiveness of the response and identify areas for improvement.
Continuously update security policies and protocols and provide up to date training to employees.
Privacy Officer
Privacy Officer oversees data protection and privacy compliance, monitors the privacy program, responses to data privacy complaints and serves as a point of contact for an individual’s privacy rights. Our Privacy Officer can be contacted at: tangee.sloan@westjordan.utah.gov or (801) 569-5116.
Information Security Officer
An Information Security Officer (ISO) oversees the protection of an organization’s computers systems and data from cyber threats. They implement security measures, monitor systems for breaches and ensure compliance with security standards and regulations. Our Security Officer can be contacted at: Philip.pedroza@westjordan.utah.gov; 801-569-5250
Training and Awareness
The City provides employees training on data protection responsibilities.
Employees receive security and privacy training within 60 days of starting a new role and at least annually thereafter.
Compliance Monitoring
The City regularly reviews and updates privacy policies (at least annually) to ensure compliance with respective laws.
Questions and Contact Information For questions or concerns, email communications@westjordan.utah.gov.
The City of West Jordan (“City”) provides this Privacy Policy Statement (the “Statement”) in compliance with Utah Code § 63D-2-103. The City is committed to protecting your privacy. This Statement explains how the City handles your information when you visit the City’s website. The City wants you to understand how your data may be collected, used, and secured. The City safeguards your data and does not monetize it or improperly share it.
Who We Are and How to Reach Us
The City operates this governmental website.
If you have any questions or concerns, you can contact the City:
By phone: 801-569-5100 By email: communications@westjordan.utah.gov
In person: 8000 S. Redwood Rd., West Jordan, Utah 84088
What Information We Collect
Some information is automatically collected when you the City’s website. The information automatically collected may include:
· the domain name of your Internet Service Provider and/or your computer
· the IP address from which you access our website
· your browser type (e.g., Google Chrome, Internet Explorer, or Mozilla Firefox)
· your operating system (e.g., Windows, Mac, Android)
· the type of device you are using
· the date and time you accessed our services
· location data
· the pages you visited, as well as any applications or forms used, and
· the Uniform Resource Locator (“URL”) of the webpage that linked you to our Services.
Some online City services allow users to submit suggestions, comments, or requests through email or by filling out an online form. If a user submits makes a submission, the City may obtain personally identifiable information such as name and email address.
Some City services involves the creation of user accounts. Creating an account may involve the submission of personally identifiable information. This could include a username, password, email address, mailing address, telephone number, full name, employment and training history, etc.
How We Use Your Information
The City does not collect this information to provide targeted advertising. The City collects this information in order to provide, better analyze, and improve City services and to track and analyze online traffic.
Disclosure Practices
The City does not sell personal data. When necessary, the City shares personal data with third party vendors who assist in providing City services and when compelled by applicable law including court subpoenas and the Utah Government Records Access Management Act (GRAMA).
Access and Corrections
You may request to see your personal data maintained by the City in accordance with GRAMA and other applicable law. You may request that the City correct inaccuracies in your personal data. In certain circumstances, you may request that the City deletes your personal data.
An individual’s refusal to provide personal data may result in the City’s inability to provide services, including vital utilities.
For more detailed information, please visit our Privacy Policy Statement. For additional questions contact the City by sending an email to communications@westjordan.utah.gov or by calling 801-569-5100.
Keeping Your Information Secure
The City implements adequate security measures including those required under applicable law including GRAMA, the Utah Government Data Privacy Act, and HIPPA. Hard copies of records are kept in secure, employee only areas of City facilities. Electronic data is stored in accordance with best practices.
Note on Records Classification
Personally identifiable information is not a classification of records under GRAMA. GRAMA governs access to government records.
Review of this notice
The City wants you to feel comfortable using our services, knowing that your privacy is respected and protected. The City welcomes your feedback on this notice, which is reviewed regularly.
Last revision:
8 January 2025
