State Data Protection Issues
MBA is providing this resource center to its member companies, state and local real estate finance associations, and partner trade groups to help engage with state policymakers working to strengthen their consumer data protection laws. As part of this debate, it is important to recognize not just the necessity of sharing and validating data in real estate finance, but to also appreciate that this system is already subject to robust federal consumer protection laws and rules. State data protection bills must not unintentionally impede homeownership. To help inform the policy discussion on these issues, MBA provides suggested legislative language for consideration in state bills and other support materials and information.
Please read MBA's Data Protection Principles and MBA's Model Data Protection Amendment.
State Data Privacy
Key
- Enacted Data Privacy Law
- Amendments to Law Introduced
- Active Data Privacy Bill
- No Current Activity
2025 Activity Related to Data Protection Issues
- March 27, 2025: Wisconsin introduces SB 166 with GLBA entity, affiliate and data exemption.
- March 21, 2025: Vermont amends S 71 and expands exemption to GLBA entity and data. Maine carried over LD 1088 / HP 799 with exemptions for GLBA entity, affiliates and data.
- March 19 & 25, 2025: North Carolina files HB 462 & SB 757 for this legislative session. HB 462 only includes GLBA entity exemption while SB 757 provides GLBA entity, affiliate and data level exemptions.
- March 18 & 21, 2025: Pennsylvania introduces HB 78 and SB 112, both including exemptions for GLBA entity, affiliates and data.
- February 27, 2025: Vermont introduces a second data privacy bill, S 93, which includes GLBA entity and data exemptions.
- February 25 & 26, 2025: West Virginia introduces additional data protection legislation, HB 2953, with no industry exemptions only to be followed by the introduction of HB 2987, which contains GLBA entity and data exemptions.
- February 20, 2025: Connecticut introduces SB 1356 which would remove the GLBA entity level exemption from current law and only provide a data level exemption.
- February 18, 2025: Vermont introduces S 71 only providing exemptions for federally or state chartered depositories and GLBA data. **This bill was amended in March 21st
- February 14, 2025: West Virginia introduces HB 3498 with GLBA entity and data level exemptions.
- February 13, 2025: Alabama introduces HB 283, a broad data privacy bill with some auto decision restrictions - and the GLBA entity, affiliate and data exemption.
- February 12, 2025: New Mexico introduces HB 410 with GLBA entity and data level exemptions while Vermont introduces H 208 only providing exemptions for GLBA data and state or federally chartered depositories and their affiliates.
- February 11, 2025: Montana introduces SB 297 which would remove the GLBA entity exemption only for independent mortgage banks, replacing it with GLBA data exemption and an exemption for federally or state charter banks, credit unions, or their affiliates.
- February 6, 2025: Illinois introduces HB 3041 with no industry exemptions.
- February 5, 2025: Georgia introduces SB 111, a broad data privacy bill that includes a GLBA entity, affiliate and data exemption. **Georgia adjourned without passing SB 111
- February 2 and 3, 2025: Oklahoma introduces two broad data privacy bills. HB 1012 includes MBA’s model. exemption for GLBA entities, affiliates and data – while SB 546 only includes exemptions for a GLBA entity and data.
- February 2, 2025: New Mexico introduces HB 307 with no industry exemptions.
- January 27, 2025: Washington introduces HB 1671, a broad data privacy bill with only a GLBA data exemption.
- January 20, 2025: Mississippi introduces SB 2500 with GLBA entity, affiliate and data exemptions while SB 2779 was introduced without any industry exemptions. **Mississippi adjourned without passing either legislation.
- January 17, 2025: Hawaii introduces SB 103 with a GLBA data only exemption. Massachusetts files a draft, SD 2355, for a broad data privacy and artificial intelligence bill that only exempts GLBA data.
- January 12, 2025: Illinois introduces SB 52, a broad data privacy bill exempting only GLBA data.
- January 8, 2025: New York introduced AB 974, a broad data privacy bill with exemptions for only GLBA data.
- December 5, 2025: South Carolina prefiles HB 3401 with GLBA entity and data exemptions.
Data Protection Laws
- California Consumer Privacy Act
- Colorado Privacy Act
- Connecticut Data Privacy Act
- Delaware Personal Data Privacy Act
- Indiana Consumer Data Protection Act
- Iowa Consumer Data Protection Act
- Kentucky Consumer Data Protection Act
- Maryland Online Data Privacy Act
- Minnesota Consumer Data Privacy Act
- Montana Consumer Data Privacy Act
- Nebraska Data Privacy Act
- New Hampshire (SB 255)
- New Jersey (SB 332)
- Oregon Consumer Privacy Act
- Rhode Island Data Transparency & Privacy Protection Act
- Tennessee Information Protection Act
- Texas Data Privacy & Security Act
- Utah Consumer Privacy Act
- Virginia Consumer Data Protection Act
Related MBA Events
-
AI Mortgage Practitioner: April 2025
-
Building Efficiencies into the Mortgage Lending Workflow
-
Key Federal Regulations and Emerging Regulatory Trends for Lead Generation
-
How Local Nonprofits are Transforming Housing Markets: Lessons from CONVERGENCE
-
Cybersecurity in Mortgage, Part I: Review of Recent Trends and the Current Landscape
-
State of the Market: Tech Trends Shaping the Future of Mortgage Lending
-
Defeating New Servicing Challenges with AI and Automation
-
Commercial/Multifamily Finance Servicing and Technology Conference
-
Crisis Communication Playbook: How to Rapidly Respond to Borrowers with Clear & Empathetic Communications During Natural Disasters
-
Cybersecurity in Mortgage, Part II: Ensuring Your Organization is Prepared and Resilient
-
Mastering Commercial Insurance Modeling: Key Insights and Applications
-
AI Mortgage Practitioner: May 2025
-
School of Mortgage Banking II: June 2025: Online
-
MISMO Boot Camp: June 2025: Boston, MA
-
AI Mortgage Practitioner: June 2025
-
AI on Trial: Fair Lending, Compliance, and the Fight for Transparency in Mortgage Lending
-
School of Mortgage Banking II: July 2025: Washington D.C.
-
Get to Know MISMO – The Key to Accelerating the Industry’s Digital Future
-
AI Mortgage Practitioner: July 2025: Washington, DC
-
AI Mortgage Practitioner & Change Champion Workshop: July 2025: Washington, DC