BOSTON–The Massachusetts Legislature has moved forward pieces of legislation related to data breaches and a bill is now before the governor for his signature.
Both the Massachusetts House and Senate passed their own versions of bills related to providing more security for consumers and help for victims, and the legislation emerged out of conference committee with strong support before going to Gov. Charlie Baker to make it law.
The legislation addresses consumer protection issues around all phases of a data breach.
Among the components of the Bay State legislation:
- There is a prohibition on credit agencies from charging a fee when consumers seek to limit review of credit information
- Credit agencies would be required to provide 42 months of free credit monitoring to be provided when there is a breach at a bureau, such as the 2017 breach of Equifax
- There is a requirement to companies to provide information about a breach and to identify any affiliate where any breach has occurred
- Companies would be required to update consumers regularly on the breach via electronic communications
- Consumers would have access to 18 months of free credit monitoring in cases where a third party is breached
- Massachusetts residents would have to consent to access a report with exceptions for inquiries that do not affect their credit scores
- The legislation precludes obtaining waivers of consent requirements from anyone who has had their data breached