Nonbank Data Security Law [pdf]
Report a cybersecurity incident
Minnesota’s Nonbank Data Security Law (Minnesota Statutes Chapter 46A), passed by the 2024 Minnesota Legislature, adopts a model law proposed by the Conference of State Bank Supervisors (CSBS). The law tracks the updated federal Safeguards Rule.
This law includes requirements for Minnesota-licensed nonbank financial institutions to report a notification event to the commissioner.
The law applies to mortgage, money services and consumer finance entities licensed by the Department of Commerce and asks them to do three things:
Protecting the privacy of consumer data has been a priority for the Commerce Department and the CSBS. Commerce continues to work with CSBS committees on additional policy ideas for consumer privacy protection.
Commerce Department contact for Nonbank Financial Institutions Information Security Program reporting:
Senior Examiner, Nicholas Jenson
nicholas.jenson@state.mn.us | 651-539-1712