KLS Keeping Law Simple Legislation in plain English

Straight-ahead summaries built from the official bill text. We start with Wyoming, keep the source links front and center, and leave the decision up to you.

Back to Wyoming

SF0020 • 2026

Data privacy-government entities.

AN ACT relating to the administration of the government; requiring government entities to adopt policies for the collection, access, security and use of personal data as specified; requiring specific personal data policies; providing definitions; specifying applicability; and providing for effective dates.

Enacted

This bill passed the Legislature and reached final enactment based on the latest official action.

Sponsor
BlockChain/Technology
Last action
2026-03-06
Official status
enrolled
Effective date
3/6/2026

Plain English Breakdown

The candidate statement about limiting the ability of government entities to buy, sell, trade, or transfer personal data without consent was removed because it is not fully supported by the official source material. The bill does limit such activities but includes exceptions and conditions that were not specified in the original claim.

Data Privacy Rules for Government Entities

This law sets rules for Wyoming government entities on how to handle personal data, including collection, access, security, and use of information.

What This Bill Does

  • Requires government entities to create policies for managing personal data.
  • Limits the ability of government entities to buy, sell, trade, or transfer personal data without consent.
  • Allows Wyoming residents to request copies of their personal data from state government entities.
  • Gives residents the right to file objections if they think their personal data is inaccurate or outdated.
  • Requires government entities to justify keeping personal data beyond three years.

Who It Names or Affects

  • Wyoming government entities
  • Current and former Wyoming residents

Terms To Know

Personal Data
Information that can be linked to a specific person or digital identity.
Deidentified Data
Data that cannot reasonably be used to identify an individual.

Limits and Unknowns

  • Does not apply to law enforcement agencies and the judicial branch.
  • Some parts of the act have delayed effective dates, such as July 1, 2027 for certain policies.
  • The rules do not override other state or federal laws.

Bill History

  1. 2026-03-06 LSO

    Assigned Chapter Number 48

  2. 2026-03-06 Governor

    Governor Signed SEA No. 0032

  3. 2026-03-03 House

    H Speaker Signed SEA No. 0032

  4. 2026-03-02 Senate

    S President Signed SEA No. 0032

  5. 2026-03-02 LSO

    Assigned Number SEA No. 0032

  6. 2026-03-02 Senate

    S Concur:Passed 28-3-0-0-0

  7. 2026-03-02 Senate

    S Received for Concurrence

  8. 2026-02-27 House

    H 3rd Reading:Passed 34-25-3-0-0

  9. 2026-02-26 House

    H 2nd Reading:Passed

  10. 2026-02-25 House

    H COW:Passed

  11. 2026-02-25 House

    H Placed on General File

  12. 2026-02-25 House

    H09 - Minerals:Recommend Do Pass 8-0-1-0-0

  13. 2026-02-24 House

    H Introduced and Referred to H09 - Minerals

  14. 2026-02-20 House

    H Received for Introduction

  15. 2026-02-20 Senate

    S 3rd Reading:Passed 30-1-0-0-0

  16. 2026-02-19 Senate

    S 2nd Reading:Passed

  17. 2026-02-18 Senate

    S COW:Passed

  18. 2026-02-16 Senate

    S Placed on General File

  19. 2026-02-16 Senate

    S09 - Minerals:Recommend Amend and Do Pass 3-2-0-0-0

  20. 2026-02-09 Senate

    S Introduced and Referred to S09 - Minerals 31-0-0-0-0

  21. 2026-01-05 Senate

    S Received for Introduction

  22. 2025-12-11 LSO

    Bill Number Assigned

Official Summary Text

Bill Summary - 26LSO-0012

Bill No.:

SF0020

Effective:

Multiple Dates

LSO No.:

26LSO-0012

Enrolled Act No.:

SEA No. 0032

Chapter No.:

48

Prime Sponsor:

Select Committee on Blockchain, Financial Technology and Digital Innovation Technology

Catch Title:

Data privacy-government entities.

Has Report:

No

Subject:

Data privacy by government entities.

Summary/Major Elements:

This act provides broadly applicable requirements for the handling of personal data within government entities, except for law enforcement and the judicial branch of government and specifies that to the extent that a provision of this act conflicts with another provision of state or federal law, the other provision shall control.

This act prohibits government entities from purchasing, selling, trading, or transferring personal data except under certain express conditions or exceptions.

This act requires government entities to adopt policies for the management of personal data and justify the retention of personal data beyond three (3) years.

This act provides a process for a current or former Wyoming resident or the resident's legally authorized representative to request copies of their personal data and to file objections regarding the accuracy, completeness, pertinence, timeliness, relevance, retention, dissemination or denial of access to the personal data that is maintained by a state government entity.

Comments:

Section 2 of this act requiring government entities to adopt policies for the management of personal data has a delayed effective date of July 1, 2027.

The above summary is not an official publication of the Wyoming Legislature and is not an official statement of legislative intent.

While the Legislative Service Office endeavored to provide accurate information in this summary, it should not be relied upon as a comprehensive abstract of the bill.

Current Bill Text

Read the full stored bill text 
26LSO-0012

ORIGINAL Senate

ENGROSSED
File No
.
SF0020

ENROLLED ACT NO. 32,

SENATE

SIXTY-EIGHTH LEGISLATURE OF THE STATE OF WYOMING
2026 Budget Session

AN ACT relating to the administration of the government; requiring government entities to adopt policies for the collection, access, security and use of personal data as specified; requiring specific personal data policies; providing definitions; specifying applicability; and providing for effective dates.

Be It Enacted by the Legislature of the State of Wyoming:

Section 1
.

W.S. 9
‑
21
‑
201 and 9
‑
21
‑
202 are created to read:

ARTICLE 2
DATA PRIVACY
‑
GOVERNMENT ENTITIES

9
‑
21
‑
201.

Definitions.

(a)

As used in this article:

(i)

"Deidentified data" means data that cannot reasonably be used to infer information about, or otherwise be linked to, an identified or identifiable natural person or personal digital identity or a device linked to a natural person or personal digital identity;

(ii)

"Government entity" means the state and all its political subdivisions, agencies, instrumentalities and institutions and any local government entity. "Government entity" shall not include the judicial branch of government or any law enforcement agency in Wyoming;

(iii)

"Identified or identifiable natural person" means a natural person who can be readily identified, directly or indirectly, by reference to an identifier such as a name, an identification number, specific geolocation data or an online identifier;

(iv)

"Law enforcement agency" means a county, municipal, college or university police force, Wyoming highway patrol, the division of criminal investigation, the department of corrections, the game and fish department when acting within its law enforcement capacity or any state or local agency or political subdivision or part of an agency or political subdivision to the extent that the primary purpose of the agency or political subdivision, or part thereof, is the prevention or investigation of crime or the enforcement of penal, traffic, regulatory or criminal laws. "Law enforcement agency" shall not include the office of any city, county or district attorney or other division of the attorney general;

(v)

"Personal data" means information that is linked or reasonably linkable to an identified or identifiable natural person or personal digital identity and does not include deidentified data;

(vi)

"Personal digital identity" means as defined in W.S. 8
‑
1
‑
102(a)(xviii).

9
‑
21
‑
202.

Limitations on personal data by government entities; conflict of laws.

(a)

No government entity shall purchase, sell, trade or transfer personal data without the express written consent of the natural person whom the personal data references except as otherwise expressly provided by law and except that:

(i)

A government entity may transfer personal data to another government entity provided that the other government entity complies with this article;

(ii)

A government entity may transfer personal data to a nongovernment entity contracted by the government entity to provide or assist with government services provided by the government entity. Any contract for services with a nongovernment entity shall include requirements for the protection of personal data consistent with this article. Any personal data transferred pursuant to this paragraph shall be returned or destroyed by the nongovernment entity once the personal data is no longer necessary for the provision of the government service. No nongovernment entity shall maintain, sell, transfer, process or otherwise use the personal data in any manner except as necessary to provide the contracted service;

(iii)

A government entity may petition the elected governing person or body with authority over the government entity for an exception to this subsection on a case by case basis. The elected governing person or body, in the elected governing person's or body's discretion, may publicly approve in writing an exception to this subsection not to exceed a term of two (2) years per petition; and

(iv)

Nothing in this subsection shall be construed to prohibit the transfer of personal data that is transferrable pursuant to the Health Insurance Portability and Accountability Act or the Family Education Rights and Privacy Act.

(b)

Any current or former Wyoming resident or the resident's legally authorized representative may request a copy of their personal data from any government entity maintaining it.

The government entity may charge a fee for production of the requested personal data consistent with fees authorized to be charged under the Wyoming Public Records Act, W.S. 16
‑
4
‑
201 through 16
‑
4
‑
205.

(c)

A current or former Wyoming resident or the resident's legally authorized representative who objects to the accuracy, completeness, pertinence, timeliness, relevance, retention, dissemination or denial of access to the resident's own personal data that is maintained by a government entity may, individually or through a duly authorized representative, file an objection with the government entity that maintains the data. The government entity maintaining the personal data shall, within sixty (60) days of the receipt of an objection:

(i)

Verify the identity of the current or former Wyoming resident or the resident's legally authorized representative who filed the objection with the government entity;

(ii)

Review the validity of the objection;

(iii)

If the objection is found to be meritorious after review, alter the contents of, or the methods for holding, or the dissemination or use of the personal data, or delete or grant access to it;

(iv)

If the objection is found to lack merit after review, provide the resident the opportunity to have a statement reflecting the resident's views maintained with the personal data in question;

(v)

Notify the resident in writing of any decision regarding the resident's objection.

(d)

To the extent that a provision of this article conflicts with another provision of state or federal law, the other provision shall control. Nothing in this article shall be construed to abrogate any disclosure of data or public records under the Wyoming Public Records Act, W.S. 16
‑
4
‑
201 through 16
‑
4
‑
205.

Section 2.

W.S. 9
‑
21
‑
203 is created to read:

9
‑
21
‑
203.

Personal data collection and retention by government entities.

(a)

In addition to the policies required under W.S. 9
‑
21
‑
101, if applicable, each government entity that collects or retains personal data shall adopt, enforce and maintain a policy regarding the collection, access, retention, security and use of personal data consistent with all applicable federal and state laws, including this article.

(b)

No government entity shall collect or maintain more personal data than is reasonably necessary for the performance of the government entity's lawful functions. All personal data collected and maintained by government entities shall be necessary for a specific purpose identified in the adopted policies of the government entity.

(c)

No government entity shall maintain personal data for longer than three (3) years without a written policy identifying the extended retention period and providing a reasonable justification for the extended retention period. Statutory retention requirements provided for in W.S. 9
‑
2
‑
405 through 9
‑
2
‑
413 constitute a reasonable justification.

(d)

A government entity to which the Health Insurance Portability and Accountability Act or the Family Education Rights and Privacy Act applies that is compliant with a written data collection and retention policy that meets the requirements of the Health Insurance Portability and Accountability Act or the Family Education Rights and Privacy Act shall be deemed compliant with this section.

Section 3.

Not later than January 1, 2027, the state chief information officer in consultation with the state archivist shall develop sample policies for use by all government entities as defined by W.S. 9
‑
21
‑
201(a)(ii).

Section 4.

W.S. 9
‑
21
‑
203 as created by section 2 of this act shall be effective as to counties, cities, public institutions of higher education or towns on July 1, 2028 and as to each political subdivision of the state other than state agencies, counties, cities, public institutions of higher education or towns on July 1, 2029. All government entities as defined by W.S. 9
‑
21
‑
201(a)(ii) shall adopt any necessary policies and procedures to meet the requirements of this act.

Section 5
.

(a)

Section 2 of this act is effective July 1, 2027
.

(b)

Sections 1, 3, 4 and 5 of this act are effective immediately upon completion of all acts necessary for a bill to become law as provided by Article 4, Section 8 of the Wyoming Constitution.

(END)

Speaker of the House

President of the Senate

Governor

TIME APPROVED: _________

DATE APPROVED: _________

I hereby certify that this act originated in the Senate.

Chief Clerk

1