25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Bill Proposes 18 Months Free Credit Monitoring Services for Data Breach Victims in Massachusetts

Posted By on Jul 25, 2018

A new bill has been introduced in Massachusetts that seeks to improve protections for consumers affected by data breaches. The bill calls for free credit monitoring services to offered to individuals whose personal information was exposed in a security breach.

The bill (H.4806) was filed on Tuesday by a House-Senate conference committee chaired by Rep. Tackey Chan and Sen. Barbara L’Italien and is a compromise bill between competing data security bills that were sent to the committee on May 3. The House Bill required consumers to be provided with a year of credit monitoring services following a data breach whereas the Senate bill required consumers to be provided with 2 years of credit monitoring services following a data breach.

The conference committee bill takes the middle ground, requiring 18 months of credit monitoring services to be provided to consumers free of charge following a standard security breach. However, a data breach at a credit monitoring company (Equifax, Experian, TransUnion) would require affected consumers to be provided with 42 weeks of credit monitoring services. This is also a compromise, as the Senate bill called for 5 years of free credit monitoring services to be provided to consumers following a breach at a credit reporting agency.

When consumers are notified that their personal information has been compromised in a data breach they are often advised to place a security freeze on their credit files as a protection against fraud. The fees charged for placing and removing security freezes varies state to state, although typically it costs $5 to $10.

Since breach victims are not to blame for the exposure of their personal data, many believe the placing and lifting of security freezes should not come at a cost. Some states already prohibit the charging of fees and in May 2018, President Trump signed the Economic Growth, Regulatory Relief and Consumer Protection Act, which will make placing and lifting security freezes free of charge from September. H.4806 similarly calls for the lifting of the charges.

The bill also requires companies to obtain consent from consumers before they are permitted to check an individual’s credit file or obtain a credit report.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist