For Immediate Release - November 05, 2007

Consumer Affairs Files Security Freeze Regulations

Consumer Affairs Files Security Freeze Regulations

BOSTON - November 5, 2007 - In accordance with the new identity theft prevention law that went into effect on October 31, 2007, the Office of Consumer Affairs and Business Regulation (OCABR) has filed emergency regulations with the Secretary of State's Office to allow consumers to place, temporarily lift and remove security freezes on their credit reports. A public hearing on the guidelines will be held on December 13, 2007.

"The security freeze regulations take effect immediately and, for the first time, give consumers access to a critical tool they need to protect themselves when their personal information is compromised," said Director of Consumer Affairs and Business Regulation Daniel C. Crane.

Specifically, the regulations:

  • Require credit reporting agencies to post information on their websites on how to go about placing, lifting and removing a security freeze;
  • Limit fees for placing, lifting or removing a freeze to $5.00;
  • Require credit reporting agencies to issue a freeze within three business days of receiving the request; send a written confirmation of the freeze within five business days; and temporarily lift or remove a freeze within three business days;
  • Prohibit credit reporting agencies from unilaterally removing a security freeze because of a consumer's misrepresentation without giving the consumer five days prior notice; and
  • Prohibit the consumer credit agency from changing a consumer's name, date of birth, social security number or address until a security freeze is removed without sending written confirmation of the change within 30 days of posting the change.

Additional consumer information about how to obtain and remove a security freeze, including contact information for the three credit reporting agencies, is available online at www.mass.gov/consumer.

The new identity theft prevention law also requires OCABR to issue regulations on standards for the protection of Massachusetts residents' personal information that is owned, licensed, maintained and stored by others. The agency will publish those guidelines within the next 30 days and plans to schedule a public hearing in January.