Presentation on theme: "PRIVACY A Consumer Reporting Agency Perspective. Collect and Sell Information on People Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s But."— Presentation transcript:
What is a Consumer Reporting Agency?
Collect and Sell Information on People
Credit Bureaus – Equifax, Experian & TransUnion – are CRAs
But It’s Not Just Credit Reports – NIPR and MIB are CRAs
Governed by Rules Defined in the Fair Credit Reporting Act (FCRA)

Fair Credit Reporting Act (FCRA)
Main Body of Law Regarding Privacy for Consumer Reporting Agencies
FCRA Spells Out:
–Under what circumstances & for what purposes can info be collected/reported
–What types of info can be collected/reported
–Responsibilities of CRAs and users of info
–Consumer rights to access and dispute info

Permissible Purposes
You Must Have a Reason to Request a Report & Certify Information Will Only Be Used for that Purpose:
–Court order
–Credit transaction
–Insurance underwriting
–Licensure
–Employment purposes

“Employment Purposes”
Federal Courts & FTC Say It Applies to Contractors Too – Independent Insurance Agents and Brokers
One of the Most Restrictive Permissible Purposes
As Clearly as U.S. Law Can, Defines the Steps that Must Be Followed

European Union’s Privacy Principles
EU Privacy Laws Much Stricter Than U.S.
Privacy Considered a Fundamental Right
Principles Cover:
–Notice & Choice
–Onward Transfer / Sharing
–Consumer Access & Dispute Resolution
–Security & Data Integrity

Notice & Choice
Must Obtain Release & Disclosure Prior to Requesting Background Information
–Disclose to them that you will seek information
–Obtain “release” authorizing you to do so
It’s All “Opt-In”
“Opt-Out” = Consumer Doesn’t Have to Sign Release & Disclosure; You Don’t Have to Appoint, Contract or Hire

Onward Transfer – Sharing
Information Can Only Be Used for the Purpose for Which It Was Requested – Single Permissible Purpose
End-User Who Receives Information From a CRA Must Certify that They Will Follow the Privacy Provisions Detailed in FCRA
CRA Must Investigate to Ensure that All End-Users Are Legitimate

Consumer Access & Dispute Resolution
Consumer Can Request Copy of Info On File At Any Time – Open Access
CRA Must Investigate Disputed Info and Validate or Remove From the File
FCRA Pre-Adverse Action Process
–The following must happen before any negative action is taken based on a report: Consumer must be provided copy of report; contact info of CRA; and chance to dispute

Security Controls
People Controls
–Mandatory confidentiality agreements for all employees & vendors
–Access to data limited
   Externally to authorized requesters
   Internally to individuals on need-to-know basis
Active Auditing to Ensure Compliance
–Email monitoring; Trash audits

IT & Physical Security Systems
IT Systems Controls
–Adopt & follow industry best practices
–External audit & security certification
Physical Security Controls
–Building access & protection
   Iris & card scan access; camera monitoring; security alarms & sensors
–Physical Security Policies
   Clean-desk policy; Shredding; Visitor escorts; Photo IDs

Thank You
Stefan Keller, President
Business Information Group (BIG)
Phone: 800-369-2612 ext. 2003
E-mail: email@example.com@bigreport.com
Web: www.bigreport.com