Are banks exempt from any federal or state data privacy laws?

Minneapolis banking and financial services attorney, Beau Hurtig, discusses exemptions for privacy laws.

Contact Beau Hurtig

Email: [email protected]

Phone: (612) 492-7267


So to answer that question we first have to know what laws are out there and banks at the federal level are governed by the Gramm-Leach-Bliley Act, which basically says you have to take reasonable measures to protect customer information. At the state level, various states have various laws and so complying with all of them is a bit of a chore. And it would be great if we could just go by the federal law if the federal law Gramm-Leach-Bliley preempted the state laws. Unfortunately, that’s not the case, Gramm-Leach Bliley actually says to the extent state laws are more protective you have to follow them. And so that’s why we need to figure out where customers live that are affected by a breach and then we look at their state laws. The good news is many state laws do say if you have to comply with a federal law like Gramm-Leach-Bliley you’re exempt from our state law. So that does help but, unfortunately, you do have to check both state and federal laws in event of a breach.