Home / Advocacy and Policy / Residential Policy Issues / State Data Protection Issues

State Data Protection Issues

Share to

MBA is providing this resource center to its member companies, state and local real estate finance associations, and partner trade groups to help engage with state policymakers working to strengthen their consumer data protection laws. As part of this debate, it is important to recognize not just the necessity of sharing and validating data in real estate finance, but to also appreciate that this system is already subject to robust federal consumer protection laws and rules. State data protection bills must not unintentionally impede homeownership. To help inform the policy discussion on these issues, MBA provides suggested legislative language for consideration in state bills and other support materials and information.

Resources:

State Data Privacy

Key

Enacted Data Privacy Law
Amendments to Law Introduced
Active Data Privacy Bill
No Current Activity

2025 Activity Related to Data Protection Issues

  • June 5, 2025: Michigan introduces SB 359 which exempts GLBA data as well as "Financial Institutions". Defined in the bill Financial Institutions includes banks, savings and loan associations, and credit unions insured by a federal agency and their affiliates primarily engaging in financial services.
  • May 8, 2025: Montana Governor Gianforte signs SB 297, revising the Montana Consumer Data Privacy Act to remove the entity-level exemption, leaving only depositories and GLBA data exempt.
  • March 27, 2025: Wisconsin introduces SB 166 with GLBA entity, affiliate and data exemption. 
  • March 21, 2025: Vermont amends S 71 and expands exemption to GLBA entity and data. Maine carried over LD 1088 / HP 799 with exemptions for GLBA entity, affiliates and data.
  • March 19 & 25, 2025: North Carolina files HB 462 & SB 757 for this legislative session. HB 462 only includes GLBA entity exemption while SB 757 provides GLBA entity, affiliate and data level exemptions. 
  • March 18 & 21, 2025: Pennsylvania introduces HB 78 and SB 112, both including exemptions for GLBA entity, affiliates and data. 
  • February 27, 2025: Vermont introduces a second data privacy bill, S 93,  which includes GLBA entity and data exemptions. 
  • February 25 & 26, 2025: West Virginia introduces additional data protection legislation, HB 2953, with no industry exemptions only to be followed by the introduction of HB 2987, which contains GLBA entity and data exemptions. 
  • February 20, 2025: Connecticut introduces SB 1356 which would remove the GLBA entity level exemption from current law and only provide a data level exemption. 
  • February 18, 2025: Vermont introduces S 71 only providing exemptions for federally or state chartered depositories and GLBA data. **This bill was amended in March 21st
  • February 14, 2025: West Virginia introduces HB 3498 with GLBA entity and data level exemptions.
  • February 13, 2025: Alabama introduces HB 283, a broad data privacy bill with some auto decision restrictions - and the GLBA entity, affiliate and data exemption. 
  • February 12, 2025: New Mexico introduces HB 410 with GLBA entity and data level exemptions while Vermont introduces H 208 only providing exemptions for GLBA data and state or federally chartered depositories and their affiliates. 
  • February 11, 2025: Montana introduces SB 297 which would remove the GLBA entity exemption only for independent mortgage banks, replacing it with GLBA data exemption and an exemption for federally or state charter banks, credit unions, or their affiliates. 
  • February 6, 2025: Illinois introduces HB 3041 with no industry exemptions. 
  • February 5, 2025: Georgia introduces SB 111, a broad data privacy bill that includes a GLBA entity, affiliate and data exemption. **Georgia adjourned without passing SB 111
  • February 2 and 3, 2025: Oklahoma introduces two broad data privacy bills. HB 1012 includes MBA’s model. exemption for GLBA entities, affiliates and data – while SB 546 only includes exemptions for a GLBA entity and data.
  • February 2, 2025: New Mexico introduces HB 307 with no industry exemptions. 
  • January 27, 2025: Washington introduces HB 1671, a broad data privacy bill with only a GLBA data exemption.
  • January 20, 2025: Mississippi introduces SB 2500 with GLBA entity, affiliate and data exemptions while SB 2779 was introduced without any industry exemptions. **Mississippi adjourned without passing either legislation.
  • January 17, 2025: Hawaii introduces SB 103 with a GLBA data only exemption. Massachusetts files a draft, SD 2355, for a broad data privacy and artificial intelligence bill that only exempts GLBA data.
  • January 12, 2025: Illinois introduces SB 52, a broad data privacy bill exempting only GLBA data.
  • January 8, 2025: New York introduced AB 974, a broad data privacy bill with exemptions for only GLBA data.
  • December 5, 2025: South Carolina prefiles HB 3401 with GLBA entity and data exemptions. 

Data Protection Laws

  1. California Consumer Privacy Act 
  2. Colorado Privacy Act 
  3. Connecticut Data Privacy Act 
  4. Delaware Personal Data Privacy Act
  5. Indiana Consumer Data Protection Act
  6. Iowa Consumer Data Protection Act
  7. Kentucky Consumer Data Protection Act
  8. Maryland Online Data Privacy Act
  9. Minnesota Consumer Data Privacy Act
  10. Montana Consumer Data Privacy Act
  11. Nebraska Data Privacy Act
  12. New Hampshire (SB 255)
  13. New Jersey (SB 332)
  14. Oregon Consumer Privacy Act
  15. Rhode Island Data Transparency & Privacy Protection Act
  16. Tennessee Information Protection Act
  17. Texas Data Privacy & Security Act
  18. Utah Consumer Privacy Act
  19. Virginia Consumer Data Protection Act

Watch MBA's Liz Facemire Discuss Advocacy and Data Privacy

MAA Social Media Graphic