After bringing the nation’s first enforcement action against Equifax for its failure to protect the personal information of nearly three million Massachusetts residents, Attorney General Maura Healey announced updated legislation that will better protect consumers from data breaches.
The new legislation, An Act Removing Fees for Security Freezes and Disclosures of Consumer Credit Reports (SB 130/HB 134), will help consumers by eliminating fees and establishing a one-stop shop for placing credit freezes, mandating encryption of personal information in credit reports and requiring that companies obtain consent before accessing or using consumer credit reports and credit scores.
“For too long, protecting consumers has been an afterthought for Equifax and other credit reporting agencies,” said Healey in a press release issued by The Commonwealth of Massachusetts Office of the Attorney General. “This bill will give Massachusetts residents control over their personal data and help fix a system that needed reform long before the Equifax breach.”
The bill – introduced this week at the State House – is co-sponsored by Senator Barbara L’Italien and State Representative Jennifer Benson. AG Healey’s office assisted in drafting the updated language to provide additional protections for consumers affected by a breach.
“With the Equifax breach we learned how easy it is for our personal information to be compromised, and the urgency of ensuring additional protection for consumers and our credit and financial information,” said Senator L’Italien in the release.
The updated legislation helps consumers in Massachusetts in a number of ways:
- Consent: Any company seeking to obtain or use a consumer’s credit report or credit score will need the written consent of the consumer and must disclose the reason for seeking access to the information.
- Credit freeze: The bill would allow consumers to place and lift a credit freeze on their files at any time for free. Unlike credit monitoring, which alerts the consumer after potential identity theft has already occurred, a credit freeze makes it harder for someone to open a new account in someone else’s name. The new legislation will require the credit reporting agencies to put in place a simple, one-stop shop for freezing and unfreezing credit reports.
- Credit reports: The bill will require each credit reporting agency to provide extra access to free credit reports to consumers impacted by a breach. Under federal law, consumers only get access to one free credit report per year, but under the new legislation, affected consumers will be entitled to no less than three free copies from each agency after a data breach.
- Credit monitoring: If the breach occurs at a consumer reporting agency like Equifax, the bill requires it to provide five years of free credit monitoring to affected consumers.
- Encryption: The bill will require that all agencies encrypt personal information contained in consumer credit reports to enhance the security, confidentiality and integrity of personal information.
According to Equifax, the breach reported earlier this month potentially compromised the personal information of 143 million consumers nationwide, including nearly three million Massachusetts consumers. Following the breach, Healey launched an immediate investigation and filed a lawsuit last week against Equifax alleging that it did not maintain the appropriate safeguards to protect consumer data in violation of Massachusetts consumer protection and data privacy laws and regulations. The Attorney General’s Office also issued guidance for consumers in the wake of the data breach.
Equifax is a consumer reporting agency that businesses rely on to make decisions about the credit worthiness of consumers, therefore affecting whether consumers can buy a house, acquire a loan, lease a vehicle or even get a job. Consumers have little to no control over the information about them that Equifax acquires.
Healey will testify before the Joint Committee on Consumer Protection and Professional Licensure today in support of the bill and ask the Committee to incorporate the additional consumer protections proposed.
Source: Commonwealth of Massachusetts Office of the Attorney General
Related:
- Legal Experts See Room for Deal in Equifax Data Breach Lawsuits
- New York’s Cuomo Proposes Regulation in Wake of Equifax Security Breach
- FTC, Congress, States Investigating Equifax Over Data Breach
- Filing of Lawsuits Against Equifax Over Data Breach Is Underway
Topics Cyber Legislation Massachusetts
Was this article valuable?
Here are more articles you may enjoy.
AIG General Insurance Chairman McElroy to Retire May 1 
Allstate Reports $731M in Q1 Pretax Catastrophe Losses 
Marsh McLennan Agency to Buy Fisher Brown Bottrell for About $316M 
Progressive Gains as Drivers Shop Around for Auto Insurance—Again 
