Deirdre Cummings
Legislative Director, MASSPIRG
617-747-4319
[email protected]
Legislative Director, MASSPIRG
617-747-4319
[email protected]
MASSPIRG
A year ago, Equifax announced that hackers had breached its system and accessed the data of nearly 150 million U.S. consumers. To mark the anniversary of that notorious announcement, MASSPIRG called on state lawmakers to pass the pending Security Breach Bill, H4806 and released a new report containing suggestions on how lawmakers, regulators, and consumers can safeguard personal information.
“One year after announcing the worst data breach in history weeks after it knew about it, Equifax has yet to pay a price or provide consumers with the information and tools they need to adequately protect themselves,” said Deirdre Cummings, MASSPIRG’s Legislative Director. “This may not have been the biggest breach ever, but it’s the worst, because Equifax’s carelessness made it easier for bad guys to steal the identities of nearly 150 million consumers.”
The Act Relative to Consumer Protection from Security Breaches, HB 4806 passed both the Massachusetts House and Senate with unanimous bi-partisan support in July is currently pending a final reenactment vote before it can become law. Instead of signing the bill, Governor Baker sent the bill back to the legislature with relatively minor changes. As a result, the legislature must “re-enact” the bill before the end of the year before it can become law.
“The legislature should be commended for acting quickly and passing this important consumer protection bill,” said Cummings. “But the bill still needs a final vote to become law. We hope the legislature will see to it that the bill makes it over the finish line to protect Massachusetts consumers.”
If passed, the bill will provide consumers with important consumer protections: (click here for more detail)
Free Credit Freeze: The law will allow consumers to freeze and thaw their credit files at any time, for free.
Free Credit Monitoring: If a security breach involving a Social Security number occurs at a consumer reporting agency – such as Equifax – the bill requires credit reporting agencies to provide at least 3.5 years of free monitoring to affected consumers. Other entities that suffer a breach must offer consumers at least 1.5 years of free monitoring.
Prohibits binding arbitration clause in credit monitoring products: No one should have to give up their right to sue for redress just to receive credit monitoring after a breach.
Addition Consumer Information: The new law would better inform consumers about security breaches and their rights.
Consent: In some limited instances companies or individuals seeking to obtain or use a consumer’s credit report will need the permission of the consumer and must disclose the reason for seeking access to the information.
The report, Equifax Breach: 1 Year Later – How to Protect Yourself Against ID Theft & Hold Equifax Accountable, includes the following features:
The report also recommends requiring companies that have been hacked to clearly explain to consumers how they can protect themselves against most types of identity theft.
The report contains charts, checklists and other tips to help consumers prevent and detect the types of identity theft and fraud made possible by the Equifax breach:
The report also highlights the need for both penalties against and new oversight of Equifax to compensate the victims and prevent future breaches of this scale.
“Ultimately, we are not the customers of Equifax or the other credit bureaus. We are their product. We did not ask or give them permission to collect or sell our personal information,” said Cummings. “At the very least, breached companies should be held accountable for failing to safeguard our personal information and the legislature should act without delay in passing the security breach bill.”
###
MASSPIRG Education Fund is an independent, non-partisan group that works for consumers and the public interest. Through research, public education and outreach, we serve as counterweights to the influence of powerful special interests that threaten our health, safety, or well-being.