Laws & Regulations
/
State Privacy Laws: Montana

State Privacy Laws: Montana

Montana Consumer Data Privacy Act (MTCDPA)

Overview

Montana was the ninth state to pass a comprehensive state privacy law. While the MTCDPA shares similarities with other state privacy laws, such as those in California, Colorado, and Florida, it exempts fewer organizations, making its impact more widespread.

Key Dates

  • Signed into law: May 19, 2023
  • Effective date: October 1, 2024

Thresholds

The MTCDPA applies to a person that conducts business in Montana or produces products or services that are targeted at Montana consumers, and either:

  • controls or processes personal data of at least 50,000 Montana consumers (excluding personal data processed for completing payment transactions)
  • controls or processes personal data of at least 25,000 Montana consumers and derives over twenty-five percent (25%) of gross revenue from the "sale" of any personal data.

Consumer Rights

  • The right to confirm whether a controller is processing their data.
  • The right to request access to the data a controller has collected.
  • The right to correct inaccuracies in personal data.
  • The right to request a controller delete collected data.
  • The right to obtain a copy of the data a controller has collected.
  • The right to opt out of the processing of personal data for the purposes of targeted advertising, sale, or automated profiling.

Sensitive Data

  • Racial or ethnic origin
  • Religious beliefs
  • Mental/physical health condition and/or diagnosis
  • Information about a person’s sex life, sexual orientation or sex life
  • Citizenship/immigration status
  • The processing of genetic or biometric data for the purpose of uniquely identifying an individual
  • Personal data collected from a known child
  • Precise geolocation data

Penalties

Montana does not specify a civil penalty amount.

Configure Your Consent Banner for MTCDPA

Regions are used to customize the behavior and experience based on an individual user’s location. As an example, this allows you to provide different experiences to users based on regional differences (like GDPR in the EU vs. MTCDPA in Montana). When a user visits your site, we will automatically determine their location and will match them to the most granular region rule that you have setup in Concord. This can go down to the state/province level, which allows for different experiences for different laws (like MTCDPA in Montana).

Recommended Consent Settings

Based on the current laws, we recommend the following regional settings:

  • Consent Mode: Implied
  • Blocking Mode: Strict
  • Google Consent Mode V2: Basic
  • Consent Duration: 12 months
  • Enable Limit Sensitive Information: Enabled
  • Enable Do Not Sell Consent: Enabled
  • Enable Global Privacy Control: Enabled

For step-by-step instruction on how to configure your consent banner for different geographical regions within the Concord app, see our help document https://www.concord.tech/docs/configure-consent-banner-difference-regions.

Important Note: While you can get as granular as you want, we typically recommend a single global policy that meets the strictest guidelines across regions, or higher splits (like separate GDPR and United States regions). If you have any questions on how and why to configure your regions in certain ways, please reach out to our support team.

Topics

Product
Consent ManagementPrivacy RequestsData MappingIntegrationsSign InSign Up
Solutions
SoftwareE-CommerceFinancial ServicesGovernmentHealthcare
Resources
PricingHelp DocsBlogRoadmapContact UsBook MeetingAffiliate Program
Your Privacy Choices
Support CommitmentLeadershipMerch
Social
Concord Logo Blue Logo White Text
© 2024 Concord Technologies Inc | All Rights Reserved | Website Privacy Policy | Disclaimer | SaaS Agreement | Data Protection Agreement | Affiliates Agreement