Presentation is loading. Please wait.

Presentation is loading. Please wait.

PRIVACY A Consumer Reporting Agency Perspective. Collect and Sell Information on People Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s But.

Similar presentations


Presentation on theme: "PRIVACY A Consumer Reporting Agency Perspective. Collect and Sell Information on People Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s But."— Presentation transcript:

1 PRIVACY A Consumer Reporting Agency Perspective

2 Collect and Sell Information on People Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s But It’s Not Just Credit Reports – NIPR and MIB are CRA’s Governed by Rules Defined in the Fair Credit Reporting Act (FCRA) What is a Consumer Reporting Agency?

3 Main Body of Law Regarding Privacy for Consumer Reporting Agencies FCRA Spells Out: –Under what circumstances & for what purposes can info be collected/reported –What types of info can be collected/reported –Responsibilities of CRA’s and users of info –Consumer rights to access and dispute info Fair Credit Reporting Act (FCRA)

4 You Must Have a Reason to Request a Report & Certify Information Will Only Be Used for that Purpose: –Court order –Credit transaction –Insurance underwriting –Licensure –Employment purposes Permissible Purposes

5 Federal Courts & FTC Say It Applies to Contractors Too – Independent Insurance Agents and Brokers One of the Most Restrictive Permissible Purposes As Clearly as U.S. Law Can, Defines the Steps that Must Be Followed “Employment Purposes”

6 EU Privacy Laws Much Stricter Than U.S. Privacy Considered a Fundamental Right Principals Cover: Notice & Choice Onward Transfer / Sharing Consumer Access & Dispute Resolution Security & Data Integrity European Union’s Privacy Principles

7 Must Obtain Release & Disclosure Prior to Requesting Background Information –Disclose to them that you will seek information –Obtain “release” authorizing you to do so It’s All “Opt-In” “Opt-Out” = Consumer Doesn’t Have to Sign Release & Disclosure; You Don’t Have to Appoint, Contract or Hire Notice & Choice

8 Information Can Only Be Used for Purpose Which It Was Requested – Single Permissible Purpose End-User Who Receives Information From a CRA Must Certify that They Will Follow the Privacy Provisions Detailed in FCRA CRA Must Investigate to Ensure that All End-Users Are Legitimate Onward Transfer – Sharing

9 Consumer Can Request Copy of Info On File At Any Time – Open Access CRA Must Investigate Disputed Info and Validate or Remove From the File FCRA Pre-Adverse Action Process –The following must happen before any negative action taken based on a report: Consumer must be provided copy of report; contact info of CRA; and chance to dispute Consumer Access & Dispute Resolution

10 While FCRA Does Not Address Directly, Various Other Laws Do, Including GLB Starts with Privacy Policy Backed by Security Controls & Systems –Policy is designed to protect: Data we collect Confidential client data – applicant data –As a CRA, privacy policy is simple – info used for a single purpose, not shared Security & Data Integrity

11 People Controls –Mandatory confidentiality agreements for all employees & vendors –Access to data limited Externally to authorized requesters Internally to individuals on need-to-know basis Active Auditing to Ensure Compliance – monitoring; Trash audits Security Controls

12 IT Systems Controls –Adopt & follow industry best practices –External audit & security certification Physical Security Controls –Building access & protection Iris & card scan access; camera monitoring; security alarms & sensors –Physical Security Policies Clean-desk policy; Shredding; Visitor escorts; Photo IDs IT & Physical Security Systems

13 Stefan Keller, President Business Information Group (BIG) Phone: ext Web: Thank You


Download ppt "PRIVACY A Consumer Reporting Agency Perspective. Collect and Sell Information on People Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s But."

Similar presentations


Ads by Google