State Data Protection Issues

Share to

MBA is providing this resource center to its member companies, state and local real estate finance associations, and partner trade groups to help engage with state policymakers working to strengthen their consumer data protection laws. As part of this debate, it is important to recognize not just the necessity of sharing and validating data in real estate finance but to also appreciate that this system is already subject to robust federal consumer protection laws and rules. State data protection bills must not unintentionally impede homeownership. To help inform the policy discussion on these issues, MBA provides suggested legislative language for consideration in state bills and other support materials and information.

Please read MBA's Data Protection Principles and MBA's Model Data Protection Amendment

Recent MBA Activity Related to Data Protection Issues


  • May 30, 2023: Texas Legislature passes the Texas Data Privacy and Security Act, which contains GLBA exemptions for financial institutions and data subject to GLBA. If signed, this Act will take effect 7/1/24.
  • May 19,2023: Governor Gianforte signed the Montana Consumer Data Privacy Act, which contains GLBA exemptions for financial institutions, affiliates of financial institutions, and data subject to federal GLBA. 
  • May 11, 2023: Governor Bill Lee signed the Tennessee Information Protection Act, which contains GLBA exemptions financial institutions and affiliates, or data subject to federal GLBA.
  • May 5, 2023: Texas Legislature approves the HB-4, which includes GLBA exemption; bill now in conference committee.
  • May 1, 2023: Indiana Consumer Data Privacy Act  enacted. New law is effective 1/1/26, and contains exemptions for any financial institutions and affiliates, or data subject to federal GLBA.
  • April 21, 2023: Montana Legislature passes data protection legislation (SB-384) with exemptions for a financial institution or an affiliate of a financial institution governed by, or personal data collected, processed, sold, or disclosed in accordance with, Title V of the Gramm-Leach-Bliley Act. Will take effect 10/1/24 if signed.
  • March 28, 2023: Iowa Governor Kim Reynolds signs consumer data protection bill into law. Legislation includes Gramm-Leach-Bliley (GLBA) exemption for financial institutions and data. 
  • January 9, 2023: MBA and NYMBA submit a joint comment letter in response to NYDFS releasing proposed amendments to New York's Cybersecurity Regulation (23 NYCRR 500).
  • August 23, 2022: MBA and CMBA Submit a Comment Letter in Response to California Privacy Protection Agency's proposed rules to implement the California Privacy Rights Acts. 
  • May 10, 2022: Connecticut Governor Ned Lamont Signs into law the Connecticut Data Privacy Act (SB 6). CT is 5th State to Enact Comprehensive Data Privacy Legislation.
  • March 24, 2022: Utah Governor Spencer Cox Signs the Utah Consumer Privacy Act (SB 227) to Overhaul State Data Privacy Law. Includes Gramm-Leach-Bliley (GLBA) Exemption for Financial Institutions and Data.
  • July 8, 2021: Colorado Governor Jared Polis Signs Colorado Privacy Act into Law (SB 190). Comprehensive Data Privacy Legislation that is Consistent with Virginia.
  • March 21, 2021: Virginia Enacts Comprehensive Data Privacy Legislation (HB 2307). Exemptions Financial Institutions Consistent with the Federal Gramm-Leach-Bliley Act (GLBA).
MAA Social Media Graphic