House advances state data‑privacy bill limiting government transfer of personal data

Cheyenne — The Committee of the Whole recommended passage of Senate File 20, a bill intended to create baseline data‑privacy standards for government entities and restrict government transfers of personal data without the written consent of the person whose data are at issue.

Sponsor Representative Singh told members the bill prohibits a government entity from "purchase[ing], sell[ing], trade[ing], or transfer[ring] personal data without the expressed written consent of the natural person" except where federal law (including HIPAA and FERPA) allows it. He said the measure requires agencies to adopt public data‑use policies or otherwise adhere to the bill’s baseline.

Members asked about judicial records, data‑breach notification and whether transfers among government entities (including to federal authorities) or to private contractors would be included. Representative Lee asked whether judicial‑records carve‑outs were included; Representative Singh responded that the bill addresses government‑to‑government interactions and does not change intra‑agency practices for individual collections. Representative Rodriguez Williams and others asked about broad exemptions and safeguards around contractor sharing; Representative Singh stated the bill prevents government from transferring personal data to third parties absent authorization.

Representative Yin characterized the bill as effectively a government‑transparency measure, saying that it requires agencies either to meet the baseline in statute or adopt a public policy describing their data practices so the public knows how agencies handle personal information.

The Committee of the Whole recommended passage by voice vote; numeric tallies were not recorded in the transcript.

Next steps: Committee report was adopted on the House floor and the bill advances according to normal legislative steps.