Published by Magnus Lyons. Modified over 10 years ago.
1
PRIVACY A Consumer Reporting Agency Perspective
2
What is a Consumer Reporting Agency?
Collect and Sell Information on People
Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s
But It’s Not Just Credit Reports – NIPR and MIB are CRA’s
Governed by Rules Defined in the Fair Credit Reporting Act (FCRA)
3
Fair Credit Reporting Act (FCRA)
Main Body of Law Regarding Privacy for Consumer Reporting Agencies
FCRA Spells Out:
  –Under what circumstances & for what purposes can info be collected/reported
  –What types of info can be collected/reported
  –Responsibilities of CRA’s and users of info
  –Consumer rights to access and dispute info
4
Permissible Purposes
You Must Have a Reason to Request a Report & Certify Information Will Only Be Used for that Purpose:
  –Court order
  –Credit transaction
  –Insurance underwriting
  –Licensure
  –Employment purposes
5
“Employment Purposes”
Federal Courts & FTC Say It Applies to Contractors Too – Independent Insurance Agents and Brokers
One of the Most Restrictive Permissible Purposes
As Clearly as U.S. Law Can, Defines the Steps that Must Be Followed
6
European Union’s Privacy Principles
EU Privacy Laws Much Stricter Than U.S.
Privacy Considered a Fundamental Right
Principles Cover:
  –Notice & Choice
  –Onward Transfer / Sharing
  –Consumer Access & Dispute Resolution
  –Security & Data Integrity
7
Notice & Choice
Must Obtain Release & Disclosure Prior to Requesting Background Information
  –Disclose to them that you will seek information
  –Obtain “release” authorizing you to do so
It’s All “Opt-In”
“Opt-Out” = Consumer Doesn’t Have to Sign Release & Disclosure; You Don’t Have to Appoint, Contract or Hire
8
Onward Transfer – Sharing
Information Can Only Be Used for Purpose Which It Was Requested – Single Permissible Purpose
End-User Who Receives Information From a CRA Must Certify that They Will Follow the Privacy Provisions Detailed in FCRA
CRA Must Investigate to Ensure that All End-Users Are Legitimate
9
Consumer Access & Dispute Resolution
Consumer Can Request Copy of Info On File At Any Time – Open Access
CRA Must Investigate Disputed Info and Validate or Remove From the File
FCRA Pre-Adverse Action Process
  –The following must happen before any negative action taken based on a report: Consumer must be provided copy of report; contact info of CRA; and chance to dispute
10
Security & Data Integrity
While FCRA Does Not Address Directly, Various Other Laws Do, Including GLB
Starts with Privacy Policy Backed by Security Controls & Systems
  –Policy is designed to protect:
    Data we collect
    Confidential client data – applicant data
  –As a CRA, privacy policy is simple – info used for a single purpose, not shared
11
Security Controls
People Controls
  –Mandatory confidentiality agreements for all employees & vendors
  –Access to data limited
    Externally to authorized requesters
    Internally to individuals on need-to-know basis
Active Auditing to Ensure Compliance
  –Email monitoring; Trash audits
12
IT & Physical Security Systems
IT Systems Controls
  –Adopt & follow industry best practices
  –External audit & security certification
Physical Security Controls
  –Building access & protection
    Iris & card scan access; camera monitoring; security alarms & sensors
  –Physical Security Policies
    Clean-desk policy; Shredding; Visitor escorts; Photo IDs
13
Thank You
Stefan Keller, President
Business Information Group (BIG)
Phone: 800-369-2612 ext. 2003
E-mail: skeller@bigreport.com
Web: www.bigreport.com