Data Protection Report - Norton Rose Fulbright

On Thursday, April 26, 2018, the Massachusetts Senate unanimously passed a data breach protection bill that strengthens consumer protections after security breaches involving consumer credit reporting agencies.  If passed, the proposed legislation would amend Massachusetts’s current breach notification law.  The bill aims to help consumers protect their sensitive information before, during, and after a data breach.

The bill requires:

-credit reporting agencies to offer consumers impacted by a breach at least five years of credit monitoring services;

-agencies to allow consumers to be able to freeze and unfreeze their credit without charge, and the reporting agencies must honor a consumer’s request to institute a security freeze within three days of a written request or just one day by a telephonic or electronic request;

-impacted consumers to be able to keep their right to take future legal action if a breach exposes Social Security numbers; and

-parties to disclose their reasoning and receive the consumer’s consent before viewing a consumer’s credit report.

The legislation follows a growing trend among state legislatures in addressing consumer data protections in the wake of widely publicized breaches, such as the recent Equifax breach.  The Massachusetts House of Representatives previously passed a similar bill.  Once both chambers vote on a reconciled bill it will go to the governor before becoming law.  The Data Protection Report will continue to monitor the status of this data protection bill as well as other potential data protection legislation in Massachusetts and throughout the U.S.