Legislature Passes Credit Protection Bill to Protect Consumers After Equifax


Bill creates stronger protections against identity theft and data breaches for all consumers in the Commonwealth

BOSTON — The state legislature on Thursday voted to pass final language of a bill designed to protect the personal information of consumers in the case of data breaches, like the one seen at Equifax, and provide free credit freezes for all consumers.

The bill, An Act relative to consumer protection from security breaches, was sponsored by State Senator Barbara L’Italien (D-Andover), senate chair of the consumer protection committee, and crafted in collaboration with Representative Jennifer Benson (the House sponsor of the bill), House Chair of the Committee on Consumer Protection and Professional Licensure Tackey Chan, Attorney General Maura Healey, the Massachusetts Public Interest Research Group (MASSPIRG), and AARP Massachusetts.

Important components of the bill that help all consumers protect their private information include free security freezes and removals for everyone, free credit monitoring when an agency is breached, and empowering consumers to consent to having their data pulled, among others.

“Months have gone by since the Equifax data breach and although we still don’t know the full extent of its impact we do know how quickly our most personal information can become compromised.   Millions of Americans don’t know who might now have access to their personal information and what they might do with it. This bill empowers consumers to better understand and control their credit reports before, during and after a breach.” said bill sponsor and Senate Chair of the Committee on Consumer Protection and Professional Licensure Barbara L’Italien. “Today we took the next step toward action to fix this situation. I’m so proud of our collaboration on a bill that sends out a clear message that Massachusetts is serious when it comes to protecting consumers, especially seniors, low-income residents, and other vulnerable populations who are hit the hardest by situations like these.”

“This bill gives Massachusetts residents more control over who can access their credit information and enhances our office’s ability to respond to Equifax-style data breaches in the future,” said Attorney General Maura Healey. “I applaud the Legislature for passing this critical bill, and urge the Governor to sign it into law.”

“This bill ensures that Massachusetts residents will have the right to more control over their personal data, and will provide essential protections for consumers,” said Senate President Harriette Chandler. “I believe that with this bill, Massachusetts establishes itself as a model for the rest of the country, and I thank our partners in the House for their work on this vital legislation.”

“In a fast-moving digital environment where personal data is at risk of being breached every day, it is critical that we tighten up privacy protections for consumers,” said Senate Ways & Means Chair Karen Spilka. “I’d like to thank Senator L’Italien for spearheading this effort, and I look forward to seeing this bill signed into law.”

“The Equifax data breach was a wake-up call that swift action needed to be taken in order to protect consumers of the Commonwealth,” said Senator John Keenan, who worked on the conference committee for the bill. “I am thankful to the Chairs of the conference committee, Representative Chan and Senator Barbara L’Italien, for their dedication and effective leadership. This legislation builds upon and strengthens federal regulations, giving Massachusetts consumers vital defenses against further breaches.”

Further information on how An Act relative to consumer protection from security breaches helps residents and sends a strong message that the Commonwealth is serious about protecting consumers:

  • Free security freezes and removals, for everyone. Credit agencies will no longer be able to charge you a fee when you want to limit who can look at your credit information, and companies are required to alert consumers that free freezes are available every time they offer a paid data security product.
  • Providing 3.5 years of free credit monitoring for a consumer when a credit reporting agency is breached, and 1.5 years of free monitoring when any other entity is breached.  Requires agencies to contract with third parties to provide the monitoring.
  • Requiring prior consent so that when an entity wants to access a consumer’s report they must get consent to do so, and explain the reason for the disclosure.  Consumers must be empowered to know who is pulling their data and why.
  • Updating our notification statutes so that upon being breached, companies are required to provide information about the nature & extent of a data breach and the potential impact to consumers, as well as updated it upon receipt of new information to help consumers know if they have been breached.
  • Updating the transaction processes for data security can occur via electronic communications in addition to in writing and on the phone.

The bill now moves to the governor’s desk.