Massachusetts law about identity theft

Laws, regulations, cases, and web sources on identity theft law.

If you are unable to find the information you are looking for, or if you have a specific question, please contact our law librarians for assistance.

Table of Contents

Best bets

The federal government’s 1–stop resource for victims. On the site, you can report and put together a plan to recover from identity theft.

Identity theft, data privacy and cyber security, Mass. Office of Consumer Affairs and Business Regulation.
Learn about the cyber security threats, scams and data breaches that put your identity and finances at risk. Includes links to helpful documents and for submitting a report of a data breach at your business.

Massachusetts laws

MGL c. 66A Protection of personal data held by government agencies

MGL c. 93, § 56 Disclosures to consumer; written explanation; notice of rights; content of notice
You have a right to request a “security freeze” on your consumer report free of charge.

MGL c. 93, § 62A Consumer requested security freeze on consumer report

MGL c. 93, § 62B Offering of paid products to prevent or restrict access to credit; notice of availability of security freeze without charge; identification of other consumer reporting agencies from which to place, lift or remove security freeze

MGL c. 93H Security breaches
Enacted in 2007. Mandates reporting of personal data breaches, disposal of personal information, and gives the consumer the ability to place a security freeze on their credit reports.

MGL c. 266, § 37E Identity theft: use of personal identification of another; identity fraud; penalty; restitution

Massachusetts regulations

201 CMR 16 Placing, lifting and removal of security freezes

201 CMR 17 Standards for the protection of personal information of residents of the Commonwealth 

940 CMR 27 Safeguard of personal information

Massachusetts rules

Supreme Judicial Court Rule 1:24 Protection of personal identifying information in publicly accessible court documents

Federal laws and regulations

Federal laws

Fair and Accurate Credit Transactions Act of 2003 (FACTA), Pub. L. 108-159, 111 Stat. 1952, codified at 15 USC §§ 1681-1681x.
Highlights of the law include: 1) requirement that the 3 major credit reporting agencies provide consumers with a free copy of their own credit report every 12 months, 2) National Fraud Alert System through which consumers who suspect fraud can place an alert on their credit files and 3) requirement that account numbers on credit card receipts be truncated so that those who may have access to the receipts do not have access to consumers' names and full credit card numbers.

Identity Theft and Assumption Deterrence Act of 1998, Pub. L. 105-318, 112 Stat. 3007, Federal Trade Commission, codified at 18 USC §1028.
Provides access to full text of the federal law.

Identity Theft Penalty Enhancement Act, Pub. L. 108-275, 118 Stat. 831, July 2004, codified at 18 USC § 1028A.
Federal law that increases penalty for certain types of identity theft.

Red Flag Program Clarification Act, Pub. L.111-319, 124 Stat. 3457, December 2010, codified at 15 USC §§ 1601-1602.
Narrows the scope of entities covered as “creditors” under the Red Flags Rule.

Federal regulations

16 CFR Part 682, Disposal of Consumer Report Information and Records.
Regulations promulgated under FACTA on proper disposal of consumer information.

Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003; Final Rule, November 9, 2007.
Changes affect several CFR sections. For a current version of the regulations, see the eCFR.

Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003, as Amended by the Red Flag Program Clarification Act of 2010; Interim Final Rule, December 6, 2012.
Narrows the scope of entities covered as “creditors” under the Red Flags Rule.

Web sources

201 CMR 17 compliance checklist, Mass. Office of Consumer Affairs and Business Regulation.
"a useful tool to aid in the development of a written information security program for a small business or individual that handles 'personal information.' Each item, presented in question form, highlights a feature of 201 CMR 17.00 that will require proactive attention in order for a plan to be compliant."

Authentication in an internet banking environment, Federal Financial Institutions Examination Council.
Guidance requires increased security for online banks, beginning in 2006. Financial institutions are free to design their own security systems that meet these guidelines.

Frequently asked questions regarding 201 CMR 17, Mass. Office of Consumer Affairs and Business Regulation.
Very basic information about the regulations in a question and answer format.

Identity theft, Mass. Office of Consumer Affairs and Business Regulation.
Provides basic information in the following areas: What is identity theft? How do ID thieves get your information? What should you do if your identity is stolen? Place a fraud alert on your credit reports.

Identity theft recovery steps, Federal Trade Commission.
Explains steps to take if you believe you are a victim of identity theft.

Report identity theft, Mass. Attorney General.
Reporting to law enforcement, reporting to creditors & credit agencies, freezing your credit & placing fraud alerts, and reporting to government agencies.

Taxpayer guide to identity theft, IRS.
Know the signs, take action, protect your data. 

Print sources

112 Am. Jur. Trials 1, Litigating Identity Theft Cases.

31 Causes of Action 2d 1, Cause of Action for Identity Theft.

Consumer law, 4th ed. (Mass Practice v.35A), Thomson Reuters, 2021with supplement. Sections 17:96-17:104 Identity theft.  

Credit repair by Amy Loftsgordon, Nolo, 2022. (eBook available here with library card).

Data security and privacy in Massachusetts, 3rd ed., MCLE, 2021.

Fair credit reporting, 10th ed., Chapter 9: Identity theft – FCRA and other protections; and Appendix H: Summary of state laws on consumer reporting, identity theft, credit repair, and security freezes. National Consumer Law Center, 2022.

Identity theft - Consumer view, MCLE, 2014.

Contact   for Massachusetts law about identity theft

Last updated: March 20, 2024

Help Us Improve  with your feedback

Please do not include personal or contact information.