1 / 13

PRIVACY A Consumer Reporting Agency Perspective

PRIVACY A Consumer Reporting Agency Perspective. What is a Consumer Reporting Agency?. Collect and Sell Information on People Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s But It’s Not Just Credit Reports – NIPR and MIB are CRA’s

ince
Download Presentation

PRIVACY A Consumer Reporting Agency Perspective

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. PRIVACYA Consumer Reporting Agency Perspective

  2. What is a Consumer Reporting Agency? Collect and Sell Information on People Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s But It’s Not Just Credit Reports – NIPR and MIB are CRA’s Governed by Rules Defined in the Fair Credit Reporting Act (FCRA)

  3. Fair Credit Reporting Act (FCRA) Main Body of Law Regarding Privacy for Consumer Reporting Agencies FCRA Spells Out: Under what circumstances & for what purposes can info be collected/reported What types of info can be collected/reported Responsibilities of CRA’s and users of info Consumer rights to access and dispute info

  4. Permissible Purposes You Must Have a Reason to Request a Report & Certify Information Will Only Be Used for that Purpose: Court order Credit transaction Insurance underwriting Licensure Employment purposes

  5. “Employment Purposes” Federal Courts & FTC Say It Applies to Contractors Too – Independent Insurance Agents and Brokers One of the Most Restrictive Permissible Purposes As Clearly as U.S. Law Can, Defines the Steps that Must Be Followed

  6. European Union’s Privacy Principles • EU Privacy Laws Much Stricter Than U.S. • Privacy Considered a Fundamental Right • Principals Cover: • Notice & Choice • Onward Transfer / Sharing • Consumer Access & Dispute Resolution • Security & Data Integrity

  7. Notice & Choice • Must Obtain Release & Disclosure Prior to Requesting Background Information • Disclose to them that you will seek information • Obtain “release” authorizing you to do so • It’s All “Opt-In” • “Opt-Out” = Consumer Doesn’t Have to Sign Release & Disclosure; You Don’t Have to Appoint, Contract or Hire

  8. Onward Transfer – Sharing • Information Can Only Be Used for Purpose Which It Was Requested – Single Permissible Purpose • End-User Who Receives Information From a CRA Must Certify that They Will Follow the Privacy Provisions Detailed in FCRA • CRA Must Investigate to Ensure that All End-Users Are Legitimate

  9. Consumer Access & Dispute Resolution • Consumer Can Request Copy of Info On File At Any Time – Open Access • CRA Must Investigate Disputed Info and Validate or Remove From the File • FCRA Pre-Adverse Action Process • The following must happen before any negative action taken based on a report: • Consumer must be provided copy of report; contact info of CRA; and chance to dispute

  10. Security & Data Integrity • While FCRA Does Not Address Directly, Various Other Laws Do, Including GLB • Starts with Privacy Policy Backed by Security Controls & Systems • Policy is designed to protect: • Data we collect • Confidential client data – applicant data • As a CRA, privacy policy is simple – info used for a single purpose, not shared

  11. Security Controls • People Controls • Mandatory confidentiality agreements for all employees & vendors • Access to data limited • Externally to authorized requesters • Internally to individuals on need-to-know basis • Active Auditing to Ensure Compliance • Email monitoring; Trash audits

  12. IT & Physical Security Systems • IT Systems Controls • Adopt & follow industry best practices • External audit & security certification • Physical Security Controls • Building access & protection • Iris & card scan access; camera monitoring; security alarms & sensors • Physical Security Policies • Clean-desk policy; Shredding; Visitor escorts; Photo IDs

  13. Thank You Stefan Keller, President Business Information Group (BIG) Phone: 800-369-2612 ext. 2003 E-mail: skeller@bigreport.com Web: www.bigreport.com

More Related