January, 2019 /Experian/ -- Legislative & Public Policy Update - State Update.
Massachusetts sends breach, credit reporting bill back to Governor
Legislation addressing data breach response and credit reporting obligations was conditionally vetoed in August and now returns to the Governor after amendments. The legislation, HB 4806, includes a requirement that a company obtain consent from a consumer prior to using a consumer report. Because of conflicts with the FCRA, the Governor requested changes before signing it into law. CDIA and financial and insurance trade associations worked with the legislature to include an exemption for a user that obtains a consumer report from a consumer reporting agency under the FCRA. The legislation also requires breached entities to provide 18 months of credit monitoring if the breach involved Social Security Numbers. For nationwide credit reporting agencies, the bill would require 42 months of credit monitoring. The legislation is now pending before Governor Charlie Baker.
DC passes legislation to require disclosures of automatic contract renewals
On December 4, the District of Columbia Council (DC Council) advanced B22-20, the Structured Settlements and Automatic Renewal Protections Act of 2018, for the final time. Title II of the bill would regulate consumer contracts that automatically renew. For contracts with an initial term of 12 months or more, it would require a consumer’s affirmative written consent to the first automatic renewal, and annually thereafter, before the consumer is charged. For contracts with a free trial that renew for one month or more, the legislation requires notice to the consumer between 72 and 24 hours before the free trial expires, as well as affirmative consent to the renewal before the consumer is charged. An approved Act of the Council must be sent to the United States House of Representatives and the United States Senate for a period of 30 days before becoming effective. Experian worked with a broad coalition of technology companies and groups, including the Internet Alliance, to remove difficult compliance obligations from the legislation.
California AG to Hold Public Forums on CCPA Rulemaking
On December 19, California Attorney General Xavier Becerra announced that the California Department of Justice will hold six public forums on the California Consumer Privacy Act (CCPA). The forums will provide an initial opportunity for the public to participate in the CCPA rulemaking process. As required by the CCPA, the Attorney General must adopt certain regulations on or before July 1, 2020. Experian continues to work with a broad coalition of businesses, including the California Chamber of Commerce and the Consumer Data Industry Association, to address concerns with the CCPA.