The MCDPA explicitly excludes government bodies and political subdivisions from its scope.

Text of Relevant Provisions

MCDPA Sec. 4(1)(a):

*"(1) [Sections 1 through 12] do not apply to any:

(a) body, authority, board, bureau, commission, district, or agency of this state or any political subdivision of this state;"*

Analysis of Provisions

The MCDPA clearly exempts government entities from its purview. Section 4(1)(a) states that Sections 1 through 12 of the Act do not apply to "(a) body, authority, board, bureau, commission, district, or agency of this state or any political subdivision of this state". This broad language indicates a legislative intent to exclude data processing activities of state and local government entities from the MCDPA's reach.

Implications

The exemption for government entities has significant implications for businesses in Montana.

• Data processing for government entities: Businesses that solely process personal data on behalf of exempt government entities are not subject to the MCDPA, even if they meet the Act's thresholds for data processing volume or revenue. For example, a technology company managing a state agency's database of residents is exempt.
• Mixed data processing: Companies processing data for both government entities and private entities must carefully assess their activities. The exemption applies only to the processing done for the government entity. If the company's processing of personal data for private entities meets the MCDPA's thresholds, the Act will apply to that portion of their operations.

This exemption aligns with a common approach in data protection laws, recognizing the distinct roles and responsibilities of government entities. However, it also highlights the importance of separate legal frameworks governing data processing in the public sector.