U.S. Rep. Barney Frank, D-Massachusetts, has been a leader in the push for national identity-theft legislation.

Massachusetts’ new identity-theft law will require anyone who collects or holds consumer financial data to meet the same standards that banks do, under federal law, for destroying it before it has a chance to be compromised.

The law, signed by Gov. Deval Patrick earlier this month and slated to take effect in early November, also will require the holder of any compromised data to notify consumers promptly if their data is accessed, with potential for harm.

In addition, it will allow any consumer to place a proactive freeze on his or her credit file for a $5 fee, paid to a credit reporting agency such as Equifax. Such freezes, which prevent most parties from accessing new credit in a consumer’s name without the consumer’s express authorization, would be free to identity theft victims.

Massachusetts is the last state in New England, and the 39th in the nation, to add a credit-freeze law to its books.

The new law, a pet project of the Massachusetts Bankers Association, is “a great step forward” for the industry, especially the notification provision, said John Heerwagen, the new president, chairman and chief executive officer of Middlesex Savings Bank.

Banks already are governed by the provisions in the Gramm-Leach-Bliley Act, the 1999 U.S. law that requires financial institutions and those who receive information from them to protect the information from foreseeable threats, he explained. The state law places similar personal data-destruction provisions on retailers and state agencies.

Banks are pleased, Heerwagen said, that “the entity that caused a breach” will now have to tell consumers about it.

MBA Chief Operating Officer and Executive Vice President Kevin Kiley said the new law won’t result in any significant compliance changes for banks, but said the association will offer a seminar to inform members about the few items that could affect them.

“We applaud the Legislature for its work on this,” he said, “because it helps provide consumers with important protections to guard against identity theft, without overburdening banks.”

Indeed, the new law also has been hailed by consumer advocate group MassPIRG as a “comprehensive” measure that “addresses the problem Â… on several fronts.”

Massachusetts Attorney General Martha Coakley, whose agency will enforce the law – and who herself was a victim of identity theft earlier this year – has said she looks forward to implementing it.

Massachusetts Retailers Association President Jon B. Hurst called the law “balanced.”

Hurst said the 3,000-member association is working to help its smaller “mom-and-pop” members address a relatively unusual provision that will require the destruction of paper in addition to electronic financial data.

Major retailers with Massachusetts outlets have been the target of banks angry about the cost of replacing credit cards following data breaches at those stores. Earlier versions of the new law would have forced retailers to pay those costs, but they were removed because legislators didn’t want to interfere with existing contracts between banks and retailers, explained Rep. William Straus, D-Mattapoisett, a member of the state Legislature’s Consumer Affairs Committee, which considered several identity-theft bills, and the conference committee that put out the final version.

‘A Reasonable Balance’

The Massachusetts Bankers Association also has a lawsuit pending in U.S. District Court against Framingham-based TJX Cos., parent company of T.J. Maxx, Marshalls, A.J. Wright and others, claiming it failed to protect the financial data of millions of credit and debit card holders, and seeking reimbursement for banks’ costs to replace the cards, among other remedies.

Kevin Tierney, president and chief executive officer of Saugusbank, a co-plaintiff in that lawsuit, said that even though the final bill doesn’t contain the liability provision, “we are pleased it contains many of the initial provisions that we sought.”

In the end, he said, the bill strikes “a reasonable balance” for the business community, banking community and consumers.

Police departments also are required, under the new law, to provide a copy of a police report detailing an identity theft incident to consumers, even if the crime did not occur in their jurisdiction. Victims need a copy of the report to clean up their finances following an incident of identity theft, and to qualify for a free security freeze.

The law also allows consumers to lift security freezes they’ve placed on their credit files, using the personal identification number that a credit-reporting agency would have provided when the consumer requested the freeze.

HarborOne Credit Union President and Chief Executive Officer James Blake said he, for one, will be interested in how credit-reporting agencies plan to deal with the new law.

“Today, someone can go in and apply for credit in your name and you have no recourse,” he said. Federal law does allow consumers to place a temporary “fraud alert” on their accounts if they suspect misuse.

Norm Magnuson, spokesman for the Consumer Data Industry Association in Washington, D.C., said that what CDIA knows – based on watching the other states that have signed credit-freeze legislation into law – is that only 50,000 consumers have asked for one since the first law was passed in 2001.

“From a consumer standpoint, that’s not a ringing endorsement of the concept,” he said. He guessed that consumers who might need sudden access to credit may not find the reality practical.

Blake said he still sees the need for unified, national identity-theft legislation that would address the cost of card replacement.

“We are continuing to look to Barney Frank [the Newton Democrat who is chairman of the U.S. House Financial Services Committee], who’s been a leader on that issue,” he said.

In February, Blake wrote to TJX Chairman and Acting Chief Executive Officer Bernard Cammarata, telling him HarborOne intended to bill the company for its card replacement costs of at least $100,000 that resulted from the TJX breach.

Blake said the company has since indicated it claims no responsibility at this point. HarborOne is now looking to participate in one of the many class-action lawsuits filed against TJX and some of its individual retailers earlier this year in the wake of the breach.