State Privacy Auditor

Main image

Nora Kurzova was appointed as Utah’s first State Privacy Auditor by State Auditor Tina Cannon, confirmed by the Senate in February 2025. Before joining the State of Utah in 2022, Nora served as Global Head of Privacy at Packeta Group and MetLife, and as Chief Privacy and Records Officer at Tyco International. She began her career in anti-corruption and investigations. Nora holds a Master’s and a doctoral degree in law from Charles University in Prague, and an LL.M. in international law from the University of Greenwich. She is a Certified Information Privacy Professional, Privacy Auditor, Change Management Professional, and holds a Security+ certification. A recognized speaker on privacy—especially data deletion and privacy as a human right—she also enjoys creative writing and filmmaking.

Nora Kurzova Nomination Letter, January 27,2025
Appointment Letter from Committee Chair Winterton, Feb 5, 2025

Second image

State Privacy Auditor Duties

The State Privacy Auditor focuses on identifying high-risk data processing activities across the state and Audits more than 1,500 government entities promoting privacy protection as an essential component and best practice across Utah. Per Utah Code, the Utah State Privacy Auditor works under the Utah State Auditor conducting privacy-focused audits and reviews of government data collection. Privacy Audits are shared and maintained through the Office of the Utah State Auditor. See Utah Code § 67‐13‐3(2)(a).

Mission

Protect individual privacy as a fundamental human right by auditing privacy practices across government in Utah and identifying areas of high risk

Core Values

  • Integrity
  • Transparency
  • Accountability

Key Responsibilities

  • Compile Practices: Gather and document information
  • Ensure Transparency: Maintain a public repository of privacy practices on the State Auditor’s website
  • Training & Standards: Provide training and establish data privacy auditing standards
  • Audit Requests: Accept and process requests from individuals to audit specific entities
  • Identify High-Risk Practices: Conduct annual assessments to flag entities posing the greatest privacy risk
  • Conduct Audits: Perform audits focused on high-risk practices
  • Recommend Reforms: Issue recommendations to entities and legislative bodies when audits reveal significant privacy concerns

Get Involved

To get involved please contact us via email at privacy@utah.gov or subscribe to our newsletter.

State Privacy Auditor Team