WeVote

Bill

Bill

SB 157

AN ACT REQUIRING CONSUMERS' CONSENT TO STORE CREDIT CARD OR OTHER PAYMENT INFORMATION.

2025 Regular Session Introduced by Henri Martin

Requires explicit consumer consent before businesses store credit card data, giving individuals control over payment information retention and reducing breach exposure risk.

REF. TO JOINT COMM. ON General Law
0
WeVote Research Nonpartisan
Bill Summary · SB 157

Legislative bill overview

SB 157 would require businesses to obtain explicit consumer consent before storing credit card or other payment information on their systems. The bill establishes a legal requirement that consumers must affirmatively authorize data retention, rather than allowing automatic storage as a default practice.

Why is this important

Payment card data breaches affect millions of consumers annually, and stored payment information represents a high-value target for criminals. This bill addresses a genuine consumer protection concern by giving individuals control over whether their sensitive financial data is retained, potentially reducing their exposure if a merchant's systems are compromised.

Potential points of contention

  • Business operational burden: Retailers, subscription services, and payment processors argue that consent requirements complicate recurring transactions, one-click purchasing, and fraud prevention systems that rely on stored payment data
  • Consent fatigue: Critics worry that adding another consent requirement to already lengthy terms of service may reduce meaningful consumer understanding rather than enhance it
  • Scope ambiguity: The bill's definition of "payment information" and which business entities must comply (merchants, payment processors, third-party platforms) could create compliance uncertainty and inconsistent application across industries

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.