Montana

Privacy Law Status

Comprehensive Privacy Law

Montana has enacted the Montana Consumer Data Privacy Act (MTCDPA), making it the ninth state in the U.S. to pass comprehensive consumer data privacy legislation[1]. Originally signed into law as Senate Bill 384 in May 2023, the law became effective on October 1, 2024[1][2]. The law was significantly strengthened through Senate Bill 297, signed in May 2025, with amendments taking effect on October 1, 2025[3][4].

Legislative Activity

Montana’s privacy law has undergone substantial updates since its original passage. The 2025 amendments lowered the business applicability thresholds, added enhanced protections for minors under 18, removed the 60-day cure period for violations, and expanded privacy notice requirements[3][4][5]. These changes generally align Montana’s law with stronger privacy protections found in other states while maintaining bipartisan legislative support[6].

Implementation Timeline

The original law took effect on October 1, 2024, with a temporary 60-day cure period that allowed businesses time to correct violations before facing enforcement action[7]. As of October 1, 2025, the strengthened amendments are now in effect, including the removal of the cure period, meaning the Montana Attorney General can immediately pursue enforcement actions for violations[4][5]. Businesses were required to recognize universal opt-out mechanisms like Global Privacy Control starting January 1, 2025[8].

Your Rights as a Montana Resident

Under the Montana Consumer Data Privacy Act, you have several important rights regarding how businesses handle your personal information.

Right to know what data is collected – You can request confirmation about whether a business is processing your personal data and access details about what information they have collected about you[8][2]
Right to delete personal information – You can request that businesses delete your personal data, with certain exceptions for legitimate business purposes[8][2]
Right to opt out of data sales – You can opt out of having your personal information sold to third parties and opt out of targeted advertising based on your data[8][2]
Right to correct inaccurate data – You can request that businesses correct any inaccurate personal information they maintain about you[8][2]
Right to non-discrimination – Businesses cannot discriminate against you for exercising any of these privacy rights, such as denying services or charging different prices[8][2]

For sensitive data like biometric information or precise geolocation, businesses must obtain your explicit consent before processing this information[8].

Business Requirements

The Montana law applies to businesses meeting specific thresholds and imposes several compliance obligations.

Which companies must comply – Businesses that control or process personal data of 25,000 or more Montana residents, or businesses that handle data from 15,000 or more residents and derive over 25% of revenue from data sales[5][6]
Notice and transparency requirements – Companies must provide clear privacy notices that include categories of data collected, purposes for processing, third-party sharing practices, contact information, and instructions for exercising rights[8][5]
Consumer request response procedures – Businesses must establish secure methods for consumers to submit privacy requests, though certain sensitive information like Social Security numbers and biometric data cannot be disclosed in response to access requests[4][8]
Security and breach notification rules – Companies must conduct data protection impact assessments for high-risk processing activities and notify both consumers and the Montana Attorney General’s office of data breaches without unreasonable delay[8][9]

Practical Impact

How these laws protect residents in daily life – The law gives you control over how companies use your data for advertising, selling to data brokers, and automated decision-making that could affect your access to services, employment, or credit opportunities[8][2]
What to do if rights are violated – Since there is no private right of action, you must file complaints with the Montana Attorney General’s Office of Consumer Protection, which has exclusive enforcement authority over privacy violations[10][11][2]
Limitations and gaps in protection – The law only applies to larger businesses meeting specific thresholds, exempts certain sectors like healthcare and financial services covered by federal laws, and does not allow individual lawsuits for most violations[8][2]

Comparison Context

How Montana compares to leading privacy states – Montana now has one of the lowest applicability thresholds of any state privacy law at 25,000 consumers, compared to 100,000 in states like Virginia and Colorado, making it apply to more businesses despite the state’s smaller population[6][12]
What residents might be missing compared to other states – Unlike California’s law, Montana does not provide consumers the right to sue companies directly for most violations, and unlike some other states, it lacks a dedicated privacy enforcement agency, relying instead on the Attorney General’s office[11][2]

Action Steps for Residents

Immediate steps to protect privacy – Review privacy policies of websites and apps you use, enable Global Privacy Control in your browser to automatically opt out of data sales, and regularly audit what companies have your information[8]
How to exercise legal rights – Contact companies directly through the privacy request mechanisms described in their privacy notices, keep records of your requests and responses, and file complaints with the Attorney General’s office if companies fail to respond appropriately[8][10]
Resources for staying informed – Monitor the Montana Legislature website for privacy-related bills, sign up for consumer alerts from the Attorney General’s Office of Consumer Protection, and follow enforcement actions to understand how the law is being applied in practice[10][13]

Official Resources and Contact Information

Montana Attorney General’s Office of Consumer Protection

The Office of Consumer Protection enforces the Montana Consumer Data Privacy Act and handles consumer complaints about privacy violations. You can file complaints about businesses that fail to honor your privacy rights or respond to your requests.

Phone: 406-444-4500
Toll-Free: 800-481-6896
Email: contactocp@mt.gov
Address: P.O. Box 200151, Helena, MT 59620-0151

Data Breach Notifications

If you believe your personal information has been compromised in a data breach, businesses are required to report breaches to the state. You can also report suspected breaches directly to the Attorney General’s office at contactocp@mt.gov.

Montana State Legislature

Contact your state representatives to provide input on privacy legislation or express concerns about data protection issues.

Website: https://www.legmt.gov/
General Information: 406-444-3064

Find Your State Legislators

Use the Montana Legislature’s online tools to identify your specific state representatives by entering your address. This allows you to contact the legislators who represent your district about privacy concerns or to provide input on future legislation.

Legislator Lookup: https://www.legmt.gov/ (click “Find a Legislator”)

Legislative Session Information

During legislative sessions (January through April of odd-numbered years), you can access hearing schedules and provide public comment on privacy-related bills.

Session Information: 406-444-4800 (during session only)
Year-round Interim Committee Information: Available at https://www.legmt.gov/

Sources and Citations

[1] consumerfsblog.com/2023/05/montana-enacts-comprehensive-consumer-data-privacy-law/

[2] www.workplaceprivacyreport.com/2023/05/articles/consumer-privacy/montana-passes-9th-comprehensive-consumer-privacy-law-in-the-u-s/

[3] perkinscoie.com/insights/blog/montanas-consumer-data-privacy-law-update-sb-297s-sweeping-changes-glance

[4] www.beneschlaw.com/resources/montana-amends-consumer-data-privacy-act-to-broaden-applicability-and-enhance-protections-for-minors.html

[5] natlawreview.com/article/privacy-big-sky-state-montanas-consumer-privacy-law-gets-amended

[6] fpf.org/blog/amendments-to-the-montana-consumer-data-privacy-act-bring-big-changes-to-big-sky-country/

[7] commlawgroup.com/2024/montana-consumer-data-privacy-act-goes-into-effect-today/

[8] www.didomi.io/blog/montana-consumer-data-privacy-act-mtcdpa-what-to-know-and-how-to-comply

[9] dojmt.gov/office-of-consumer-protection/reporting-requirements-for-data-breaches/

[10] dojmt.gov/office-of-consumer-protection/

[11] www.cliffordchance.com/insights/resources/blogs/talking-tech/en/articles/2023/12/the-montana-data-privacy-law-an-overview.html

[12] www.hunton.com/privacy-and-information-security-law/montana-amends-consumer-data-privacy-act

[13] archive.legmt.gov/legislator-lookup/

Last Updated August 2025. Written with contributions from both human authors and Perplexity AI. If you find incorrect or outdated information let us know at support@optery.com.