Bill Proposes 18 Months Free Credit Monitoring Services for Data Breach Victims in Massachusetts

A new bill has been introduced in Massachusetts that seeks to improve protections for consumers affected by data breaches. The bill calls for free credit monitoring services to offered to individuals whose personal information was exposed in a security breach.

The bill (H.4806) was filed on Tuesday by a House-Senate conference committee chaired by Rep. Tackey Chan and Sen. Barbara L’Italien and is a compromise bill between competing data security bills that were sent to the committee on May 3. The House Bill required consumers to be provided with a year of credit monitoring services following a data breach whereas the Senate bill required consumers to be provided with 2 years of credit monitoring services following a data breach.

The conference committee bill takes the middle ground, requiring 18 months of credit monitoring services to be provided to consumers free of charge following a standard security breach. However, a data breach at a credit monitoring company (Equifax, Experian, TransUnion) would require affected consumers to be provided with 42 weeks of credit monitoring services. This is also a compromise, as the Senate bill called for 5 years of free credit monitoring services to be provided to consumers following a breach at a credit reporting agency.

When consumers are notified that their personal information has been compromised in a data breach they are often advised to place a security freeze on their credit files as a protection against fraud. The fees charged for placing and removing security freezes varies state to state, although typically it costs $5 to $10.

Since breach victims are not to blame for the exposure of their personal data, many believe the placing and lifting of security freezes should not come at a cost. Some states already prohibit the charging of fees and in May 2018, President Trump signed the Economic Growth, Regulatory Relief and Consumer Protection Act, which will make placing and lifting security freezes free of charge from September. H.4806 similarly calls for the lifting of the charges.

The bill also requires companies to obtain consent from consumers before they are permitted to check an individual’s credit file or obtain a credit report.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.