30-14-2804. (Effective October 1, 2024) Exemptions. (1) This part does not apply to any:

contract signature

Ask a consumer protection question, get an answer ASAP!
Thousands of highly rated, verified consumer protection lawyers.
Help with credit card debt, collections, defective products
Get help with bankruptcy, filing complaints, extended warranties & more
Click here to chat with a lawyer about your rights.

Terms Used In Montana Code 30-14-2804

  • Affiliate: means a legal entity that shares common branding with another legal entity or controls, is controlled by, or is under common control with another legal entity. See Montana Code 30-14-2802
  • Consent: means a clear affirmative act signifying a consumer's freely given, specific, informed, and unambiguous agreement to allow the processing of personal data relating to the consumer. See Montana Code 30-14-2802
  • Consumer: means an individual who is a resident of this state. See Montana Code 30-14-2802
  • Controller: means an individual who or legal entity that, alone or jointly with others, determines the purpose and means of processing personal data. See Montana Code 30-14-2802
  • Fair Credit Reporting Act: A federal law, established in 1971 and revised in 1997, that gives consumers the right to see their credit records and correct any mistakes. Source: OCC
  • Obligation: An order placed, contract awarded, service received, or similar transaction during a given period that will require payments during the same or a future period.
  • Personal data: means any information that is linked or reasonably linkable to an identified or identifiable individual. See Montana Code 30-14-2802
  • Processor: means an individual who or legal entity that processes personal data on behalf of a controller. See Montana Code 30-14-2802
  • State: when applied to the different parts of the United States, includes the District of Columbia and the territories. See Montana Code 1-1-201
  • Third party: means an individual or legal entity, such as a public authority, agency, or body, other than the consumer, controller, or processor or an affiliate of the controller or processor. See Montana Code 30-14-2802

(a)body, authority, board, bureau, commission, district, or agency of this state or any political subdivision of this state;

(b)nonprofit organization;

(c)institution of higher education;

(d)national securities association that is registered under 15 U.S.C. §§ 78o3 of the federal Securities Exchange Act of 1934, as amended;

(e)financial institution or an affiliate of a financial institution governed by, or personal data collected, processed, sold, or disclosed in accordance with, Title V of the Gramm-Leach-Bliley Act, 15 U.S.C. § 6801, et seq.; or

(f)covered entity or business associate as defined in the privacy regulations of the federal Health Insurance Portability and Accountability Act of 1996, 45 C.F.R. § 160.103.

(2)Information and data exempt from this part include:

(a)protected health information under the privacy regulations of the federal Health Insurance Portability and Accountability Act of 1996;

(b)patient-identifying information for the purposes of 42 U.S.C. §§ 290dd-2;

(c)identifiable private information for the purposes of the federal policy for the protection of human subjects of 1991, 45 CFR, part 46;

(d)identifiable private information that is otherwise information collected as part of human subjects research pursuant to the good clinical practice guidelines issued by the international council for harmonisation of technical requirements for pharmaceuticals for human use;

(e)the protection of human subjects under 21 CFR, parts 6, 50, and 56, or personal data used or shared in research as defined in the federal Health Insurance Portability and Accountability Act of 1996, 45 C.F.R. § 164.501, that is conducted in accordance with the standards set forth in this subsection (2)(e), or other research conducted in accordance with applicable law;

(f)information and documents created for the purposes of the Health Care Quality Improvement Act of 1986, 42 U.S.C. § 11101, et seq.;

(g)patient safety work products for the purposes of the Patient Safety and Quality Improvement Act of 2005, 42 U.S.C. §§ 299b-21, et seq., as amended;

(h)information derived from any of the health care-related information listed in this subsection (2) that is:

(i)de-identified in accordance with the requirements for de-identification pursuant to the privacy regulations of the federal Health Insurance Portability and Accountability Act of 1996; or

(ii)included in a limited data set as described in 45 C.F.R. § 164.514(e), to the extent that the information is used, disclosed, and maintained in a manner specified in 45 C.F.R. § 164.514(e).

(i)information originating from and intermingled to be indistinguishable with or information treated in the same manner as information exempt under this subsection (2) that is maintained by a covered entity or business associate as defined in the privacy regulations of the federal Health Insurance Portability and Accountability Act of 1996, 45 C.F.R. § 160.103, or a program or qualified service organization, as specified in 42 U.S.C. §§ 290dd-2, as amended;

(j)information used for public health activities and purposes as authorized by the federal Health Insurance Portability and Accountability Act of 1996, community health activities, and population health activities;

(k)the collection, maintenance, disclosure, sale, communication, or use of any personal information bearing on a consumer‘s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living by a consumer reporting agency, furnisher, or user that provides information for use in a consumer report and by a user of a consumer report, but only to the extent that the activity is regulated by and authorized under the Fair Credit Reporting Act, 15 U.S.C. § 1681, as amended;

(l)personal data collected, processed, sold, or disclosed in compliance with the Driver’s Privacy Protection Act of 1994, 18 U.S.C. § 2721, et seq., as amended;

(m)personal data regulated by the Family Educational Rights and Privacy Act of 1974, 20 U.S.C. § 1232g, et seq., as amended;

(n)personal data collected, processed, sold, or disclosed in compliance with the Farm Credit Act of 1993, 12 U.S.C. § 2001, et seq., as amended;

(o)data processed or maintained:

(i)by an individual applying to, employed by, or acting as an agent or independent contractor of a controller, processor, or third party to the extent that the data is collected and used within the context of that role;

(ii)as the emergency contact information of an individual under this part and used for emergency contact purposes; or

(iii)that is necessary to retain to administer benefits for another individual relating to the individual who is the subject of the information under subsection (2)(a) and is used for the purposes of administering the benefits; and

(p)personal data collected, processed, sold, or disclosed in relation to price, route, or service, as these terms are used in the Airline Deregulation Act of 1978, 49 U.S.C. § 40101, et seq., as amended, by an air carrier subject to the Airline Deregulation Act of 1978, to the extent this part is preempted by the Airline Deregulation Act of 1978, 49 U.S.C. § 41713, as amended.

(3)Controllers and processors that comply with the verifiable parental consent requirements of the Children’s Online Privacy Protection Act of 1998, 15 U.S.C. § 6501, et seq., shall be considered compliant with any obligation to obtain parental consent pursuant to this part.

  Previous
Next  
 Part 28 Contents