New Massachusetts Bill Proposes 18 Months Complimentary Credit Monitoring Services for Data Breach Victims

A new bill has been proposed in the state of Massachusetts that aims to enhance protections for customers impacted by data breaches. The bill calls for free credit monitoring services to be given to persons whose personal data is compromised in a data breach.

Rep. Tackey Chan and Sen. Barbara L’Italien chaired the House-Senate conference committee that submitted the bill (H. 4806) on Tuesday. The proposed bill is a compromise bill between competing data security bills submitted to the committee on May 3. The House bill demanded consumers be given one year of credit monitoring services subsequent to a data breach whereas the Senate bill demanded customers be given two years of credit monitoring services subsequent to a data breach.

The conference committee bill chooses the middle ground, asking for 18 months of credit monitoring services to be provided to customers at zero cost subsequent to a standard security breach. When a data breach is experienced by a credit monitoring company, affected consumers would be required to be provided with 42 weeks of credit monitoring services without charge. This is likewise a compromise, as the Senate bill required 5 years of complimentary credit monitoring services to be given to consumers affected by a data breach at a credit reporting agency.

Whenever consumers are informed that their personal information has been compromised in a data breach they are usually instructed to put a security freeze on their credit files as a safeguard against fraud. The fees charged for placing and removing security freezes differs from state to state, though normally it costs between $5 and $10.

Certain states already forbid the charging of these fees and in May 2018, President Trump signed the Economic Growth, Regulatory Relief and Consumer Protection Act, which is going to make placing and removing security freezes totally free starting in September 2018. H. 4806 likewise requires the removal of these charges.

The bill also adds a requirement for companies to obtain permission from consumers before they are permitted to check a credit record or obtain a copy of an individual’s credit report.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: