You'd never know that more than half of the approximately 250 million adults in this country had their personal information pirated by Internet hackers by the glacial pace of our Legislature to shield the state's residents from future large-scale security breakdowns.
According to the State House News Service, a measure dubbed the Equifax bill, a reference to the 145 million subscribers to that credit reporting agency whose Social Security and driver's license numbers were stolen by cyberthieves, failed to advance beyond the Joint Committee on Consumer Protection and Professional Licensure earlier this month.
Sen. Barbara L'Italien, D-Andover, who co-chairs the committee with Rep. Tackey Chan, a Quincy Democrat, told the News Service that she and Chan could not reach agreement on the bill and suggested the House and Senate could each pursue different versions.
That stalemate earned the wrath of several consumer groups, whose pleas for urgency on this matter have apparently fell on deaf Beacon Hill ears.
Chan has revised his version of the bill, which House members were scheduled to consider on Wednesday.
Under Chan's retooled legislation, companies would not be able to obtain, use or seek a credit report "in connection with an application for credit" without first receiving written, verbal or electronic consent from a consumer. Credit agencies would need to provide consumers with disclosures of their rights and could not charge to place or lift a credit freeze.
In the Senate, L'Italien, whose district includes Dracut and Tewksbury, has opted to pursue a version of bill she crafted initially in collaboration with Rep. Jennifer Benson, D-Lunenburg, and then subsequently with Attorney General Maura Healey in the wake of Equifax security disaster.
L'Italien's Senate bill expands on the House version. It would allow consumers to place and lift security freezes on their files at any time for free, requires companies that seek to obtain or use a credit report to seek written consent from the consumer. Additionally, it requires further credit report access after breaches, and calls for credit agencies to encrypt personal information contained in credit reports.
Encryption appears to be the main difference between the bills; the House version doesn't include that provision.
We're not sure what caused the previous deadlock, but this parallel-course tack will be for naught if the same issues remain. Citizens can't be left exposed to further thefts of their personal information while lawmakers argue over language. It's become all the more urgent now that the full extent of Equifax's security breach has come to light.
As first reported by the Wall Street Journal, Equifax hackers also accessed tax identification numbers, email addresses and drivers' license information beyond the license numbers, such as issue dates and by which state. That stolen data would allow criminals to steal a consumer's identity and open fraudulent accounts.
It's time for legislative leaders to insist that the bills' writers resolve their differences and offer compromise solutions to serious privacy breaches that the full Legislature can support.