MA Residents to Get New Consumer Protections

Media Contacts

BOSTON — Massachusetts residents will get new consumer protections against identity theft under a new law, An Act Relative to Consumer Protection from Security Breaches, HB 4806,  just signed by Governor Baker.

The new law enables consumers to safeguard their personal financial information by allowing them to “freeze” and “thaw” their credit files for free — preventing thieves from opening new credit accounts in their names, adding into to state statute a provision recently passed by Congress. The law also requires that credit bureaus and other companies give consumers free credit monitoring services after a data breach, and improves consumer notifications among other protections.


Last month Marriott announced a security breach that put more than 500 million customers at risk of identity theft, and months before that Equifax, one of the three largest credit bureaus in the country, announced an especially dangerous breach.

“This is good news and offers consumers new tools to protect themselves from identity theft after a security breach like the recently announced ones at Equifax and Marriott,” said Deirdre Cummings, legislative director for MASSPIRG. “While a good first step, we still have some more work to do to hold companies accountable for failing to properly safeguard our personal information.”

MASSPIRG praised the leadership of Governor Baker, Chairman of the Consumer Protection Committee, Tacky Chan and the bill sponsors, former Senator Barbara L’Italien and Representative Jennifer Benson.

Key Provisions in the Act Relative to Consumer Protection from Security Breaches:

Free Credit Freeze: In September 2018, a new federal law allows consumers to freeze and thaw their credit files at any time, for free. This law establishes this provision in state statue. Unlike credit monitoring (which alerts you after potential identity theft has already occurred), a credit freeze makes it harder for someone to open a new fraudulent account in your name. The three major credit bureaus – Equifax, TransUnion, and Experian – had been charging Massachusetts consumers $5 per freeze/thaw transaction.

Free Credit Monitoring: If a security breach involving a Social Security number occurs at a consumer reporting agency – such as Equifax – the law requires credit reporting agencies to provide at least 3.5 years of free monitoring to affected consumers, for all other entities they must offer consumers at least 1.5 years of free monitoring. Credit monitoring services can help alert consumers to incidences of fraud allowing them to act quickly to minimize damage to their finances.

Prohibits binding arbitration clause in credit monitoring products:  No one should have to give up their right to sue for redress just to receive credit monitoring after a breach.

Addition Consumer Information: The new law would better inform consumers about security breaches and their rights. Credit reporting agencies would not be able to sell consumers credit freeze services without first disclosing that consumers are entitled by law to a free freeze. The agencies also would have to tell consumers how to get those free freezes.

MASSPIRG offered tips for consumers to protect themselves from identity theft and other fraud whether their information was stolen in high profile breaches or not.

·         Existing Account Fraud: Check your monthly credit card and bank statements. Use credit cards instead of debit cards for all online and in-person purchases if possible. Consumers have more legal protections against fraud with credit cards and can also avoid having to wait for their banks to replenish funds stolen from checking accounts.

·         New Account Fraud (including cell phone, credit card, loan and utilities accounts): Get credit freezes at all three nationwide credit bureaus — Equifax, Experian, and TransUnion.

·         Tax Refund Fraud: File your taxes as soon as possible, before thieves do. Also, if you qualify, get an Identity Protection (IP) PIN.

·         Social Security Benefits Fraud: Sign up for your “my Social Security” (MySSA) account before thieves claim it and change your direct deposit info to route into their checking accounts.

·         Health Care Services/Medical Benefits Fraud: Sign up for online accounts with your health care and insurance providers to periodically check for any fraudulent services on your statements.

·         Other Fraudulent Activity: Check your free annual consumer reports with companies that specialize in collecting information often misused by criminals.

·         Phishing Scams: Ignore unsolicited requests for information by email, links, phone calls, pop-up windows or text messages.

More tips for protecting yourself from identity theft and fraud are available here.



Pictured: Deirdre Cummings, MASSPIRG and Michael Festa, AARP testifying before the Legislature’s Joint Committee on Consumer Protection, in favor of the Credit Freeze bill on Sept. 26, 2017 just weeks after Equifax announced they suffered a massive security breach affecting 3 million MA residents.

Photo credit: Caley McGuane