State Data Protection Issues

Share to

MBA is providing this resource center to its member companies, state and local real estate finance associations, and partner trade groups to help engage with state policymakers working to strengthen their consumer data protection laws. As part of this debate, it is important to recognize not just the necessity of sharing and validating data in real estate finance but to also appreciate that this system is already subject to robust federal consumer protection laws and rules. State data protection bills must not unintentionally impede homeownership. To help inform the policy discussion on these issues, MBA provides suggested legislative language for consideration in state bills and other support materials and information.

Please read MBA's Data Protection Principles and MBA's Model Data Protection Amendment

Recent MBA Activity Related to Data Protection Issues


  • January 9, 2023: MBA and NYMBA submit a joint comment letter in response to NYDFS releasing proposed amendments to New York's Cybersecurity Regulation (23 NYCRR 500).
  • August 23, 2022: MBA and CMBA Submit a Comment Letter in Response to California Privacy Protection Agency's proposed rules to implement the California Privacy Rights Acts. 
  • May 10, 2022: Connecticut Governor Ned Lamont Signs into law the Connecticut Data Privacy Act (SB 6). CT is 5th State to Enact Comprehensive Data Privacy Legislation.
  • March 24, 2022: Utah Governor Spencer Cox Signs the Utah Consumer Privacy Act (SB 227) to Overhaul State Data Privacy Law. Includes Gramm-Leach-Bliley (GLBA) Exemption for Financial Institutions and Data.
  • July 8, 2021: Colorado Governor Jared Polis Signs Colorado Privacy Act into Law (SB 190). Comprehensive Data Privacy Legislation that is Consistent with Virginia.
  • March 21, 2021: Virginia Enacts Comprehensive Data Privacy Legislation (HB 2307). Exemptions Financial Institutions Consistent with the Federal Gramm-Leach-Bliley Act (GLBA).
MAA Social Media Graphic