Legislature sends Governor Security Breach Bill

Media Contacts

Legislature sends Governor Security Breach Bill: Adding new tools to detect and prevent identity theft


BOSTON – Massachusetts residents poised to get new consumer protections against identity theft under a new bill, An Act Relative to Consumer Protection from Security Breaches, HB 4806,  just passed with bipartisan, unanimous votes in both the House and Senate on New Year’s Eve.

If signed by Governor Baker, the new law will enable consumers to safeguard their personal financial information by allowing them to “freeze” and “thaw” their credit files for free — preventing thieves from opening new credit accounts in their names, adding into to state statute a provision recently passed by Congress. The law also requires that credit bureaus and other companies give consumers free credit monitoring services after a data breach, and improves consumer notifications among other protections. 

Last month Marriott announced a security breach that put more than 500 million customers at risk of identity theft, and months before that Equifax, one of the three largest credit bureaus in the country, announced an especially dangerous breach. “While these new tools will help consumers protect themselves from identity theft, it is clear that big businesses have to do a much better job at safeguarding consumers’ personal information and must be held accountable for their failures,” said Deirdre Cummings, legislative director for MASSPIRG. “Identity thieves stole more than $17 billion dollars from American consumers last year – and that number is growing.” 

Key Provisions in the Act Relative to Consumer Protection from Security Breaches: 

Free Credit Freeze: In September 2018, a new federal law allows consumers to freeze and thaw their credit files at any time, for free. This law establishes this provision in state statue. Unlike credit monitoring (which alerts you after potential identity theft has already occurred), a credit freeze makes it harder for someone to open a new fraudulent account in your name. The three major credit bureaus – Equifax, TransUnion, and Experian – had been charging Massachusetts consumers $5 per freeze/thaw transaction.

Free Credit Monitoring: If a security breach involving a Social Security number occurs at a consumer reporting agency – such as Equifax – the law requires credit reporting agencies to provide at least 3.5 years of free monitoring to affected consumers, for all other entities they must offer consumers at least 1.5 years of free monitoring. Credit monitoring services can help alert consumers to incidences of fraud allowing them to act quickly to minimize damage to their finances.

Prohibits binding arbitration clause in credit monitoring products:  No one should have to give up their right to sue for redress just to receive credit monitoring after a breach.

Addition Consumer Information: The new law would better inform consumers about security breaches and their rights. Credit reporting agencies would not be able to sell consumers credit freeze services without first disclosing that consumers are entitled by law to a free freeze. The agencies also would have to tell consumers how to get those free freezes.

The bill was sponsored by Sen. Barbara L’Italien (Andover) and Rep. Jennifer Benson (Lunenburg). MASSPIRG praised the work of the sponsors and the six members of the conference committee; Reps. Tacky Chan (Quincy), Daniel Hunt (Dorchester), Randy Hunt (Sandwich) and Sens. Barbara L’Italien (Andover), John Kennan (Quincy), Ryan Fattman (Webster).

“We hope he Governor will sign this timely bill into law,” concluded Cummings.


Pictured: Deirdre Cummings, MASSPIRG and Michael Festa, AARP testifying before the Legislature’s Joint Committee on Consumer Protection, in favor of the Credit Freeze bill on Sept. 26, 2017 just weeks after Equifax announced they suffered a massive security breach affecting 3 million MA residents.

Photo credit: Caley McGuane