Massachusetts Attorney General Maura Healey announced updated legislation that will remove fees for security freezes and consumer credit reports.  The new legislation (SB 130/HB 134) includes several pro-consumer changes:

  • Consent – Any company seeking to obtain or use a consumer’s credit report or credit score will need the written consent of the consumer and must disclose the reason for seeking access to the information.
  • Credit freeze – The bill would allow consumers to place and lift a credit freeze on their files at any time at no cost.  The new legislation will require the credit reporting agencies (CRAs) to put in place a simple process for consumers to freeze and unfreeze their credit reports.
  • Credit reports – The bill will require each CRA to provide extra access to free credit reports to consumers impacted by a breach.  Under federal law, consumers only get access to one free credit report per year, but under the new Massachusetts legislation, affected consumers will be able to obtain no less than three free copies from each CRA after a data breach.
  • Credit monitoring – If a data breach occurs at a CRA, the bill requires the CRA to provide five years of free credit monitoring to affected consumers.
  • Encryption – The bill will require CRAs to encrypt personal information contained in consumer credit reports to enhance the security, confidentiality, and integrity of personal information.

It is likely that other states will propose similar legislation.  In addition, the AG’s Office has issued guidance for consumers following the Equifax data breach.