Presentation is loading. Please wait.

Presentation is loading. Please wait.

PRIVACY A Consumer Reporting Agency Perspective. Collect and Sell Information on People Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s But.

Published byMagnus Lyons Modified over 10 years ago

Similar presentations

Presentation on theme: "PRIVACY A Consumer Reporting Agency Perspective. Collect and Sell Information on People Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s But."— Presentation transcript:

1 PRIVACY A Consumer Reporting Agency Perspective

2 Collect and Sell Information on People Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s But It’s Not Just Credit Reports – NIPR and MIB are CRA’s Governed by Rules Defined in the Fair Credit Reporting Act (FCRA) What is a Consumer Reporting Agency?

3 Main Body of Law Regarding Privacy for Consumer Reporting Agencies FCRA Spells Out: –Under what circumstances & for what purposes can info be collected/reported –What types of info can be collected/reported –Responsibilities of CRA’s and users of info –Consumer rights to access and dispute info Fair Credit Reporting Act (FCRA)

4 You Must Have a Reason to Request a Report & Certify Information Will Only Be Used for that Purpose: –Court order –Credit transaction –Insurance underwriting –Licensure –Employment purposes Permissible Purposes

5 Federal Courts & FTC Say It Applies to Contractors Too – Independent Insurance Agents and Brokers One of the Most Restrictive Permissible Purposes As Clearly as U.S. Law Can, Defines the Steps that Must Be Followed “Employment Purposes”

6 EU Privacy Laws Much Stricter Than U.S. Privacy Considered a Fundamental Right Principals Cover: Notice & Choice Onward Transfer / Sharing Consumer Access & Dispute Resolution Security & Data Integrity European Union’s Privacy Principles

7 Must Obtain Release & Disclosure Prior to Requesting Background Information –Disclose to them that you will seek information –Obtain “release” authorizing you to do so It’s All “Opt-In” “Opt-Out” = Consumer Doesn’t Have to Sign Release & Disclosure; You Don’t Have to Appoint, Contract or Hire Notice & Choice

8 Information Can Only Be Used for Purpose Which It Was Requested – Single Permissible Purpose End-User Who Receives Information From a CRA Must Certify that They Will Follow the Privacy Provisions Detailed in FCRA CRA Must Investigate to Ensure that All End-Users Are Legitimate Onward Transfer – Sharing

9 Consumer Can Request Copy of Info On File At Any Time – Open Access CRA Must Investigate Disputed Info and Validate or Remove From the File FCRA Pre-Adverse Action Process –The following must happen before any negative action taken based on a report: Consumer must be provided copy of report; contact info of CRA; and chance to dispute Consumer Access & Dispute Resolution

10 While FCRA Does Not Address Directly, Various Other Laws Do, Including GLB Starts with Privacy Policy Backed by Security Controls & Systems –Policy is designed to protect: Data we collect Confidential client data – applicant data –As a CRA, privacy policy is simple – info used for a single purpose, not shared Security & Data Integrity

11 People Controls –Mandatory confidentiality agreements for all employees & vendors –Access to data limited Externally to authorized requesters Internally to individuals on need-to-know basis Active Auditing to Ensure Compliance –Email monitoring; Trash audits Security Controls

12 IT Systems Controls –Adopt & follow industry best practices –External audit & security certification Physical Security Controls –Building access & protection Iris & card scan access; camera monitoring; security alarms & sensors –Physical Security Policies Clean-desk policy; Shredding; Visitor escorts; Photo IDs IT & Physical Security Systems

13 Stefan Keller, President Business Information Group (BIG) Phone: 800-369-2612 ext. 2003 E-mail: skeller@bigreport.comskeller@bigreport.com Web: www.bigreport.com Thank You

Download ppt "PRIVACY A Consumer Reporting Agency Perspective. Collect and Sell Information on People Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s But."

Similar presentations

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.
Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.

Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.
Background Credit reporting agencies are a key player, helping facilitate modern commerce Credit records help predict the risk of a transaction Credit.

Background Credit reporting agencies are a key player, helping facilitate modern commerce Credit records help predict the risk of a transaction Credit.
ETHICS. Business Conduct  The Agent agrees to conform to all applicable federal, state and local laws in conducting business under this agreement.

ETHICS. Business Conduct  The Agent agrees to conform to all applicable federal, state and local laws in conducting business under this agreement.
National Science Foundation Division of Science Resources Statistics May 15 2008 The Confidential Information Protection and Statistical Efficiency Act.

National Science Foundation Division of Science Resources Statistics May The Confidential Information Protection and Statistical Efficiency Act.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.

Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
© 2014 ACA International. All Rights Reserved. Obtaining Optimum Compliance Performance Foundational Training on ACA’s Professional Practices Management.

© 2014 ACA International. All Rights Reserved. Obtaining Optimum Compliance Performance Foundational Training on ACA’s Professional Practices Management.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Prepared for: Presented by: Risky Business 2012 Conference Tony La Rosa, Manager Mid-Iowa Credit Counseling Park Fair Mall 100 E. Euclid Ave., Ste. 157.

Prepared for: Presented by: Risky Business 2012 Conference Tony La Rosa, Manager Mid-Iowa Credit Counseling Park Fair Mall 100 E. Euclid Ave., Ste. 157.
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.

PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.
I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.

I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.
Identity Theft By: Nakeisha Barnett Thursday 2-3:15 3/4/06.

Identity Theft By: Nakeisha Barnett Thursday 2-3:15 3/4/06.

Similar presentations

Ads by Google