Western Union 2012 Annual Report Download - page 24

Download and view the complete annual report

Please find page 24 of the 2012 Western Union annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 158

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158

19
Privacy and Information Security Regulations
The collection, transfer, disclosure, use and storage of personal information are required to provide our services. These activities
are subject to information security standards, data privacy, data breach and related laws and regulations in the United States and
other countries. In the United States, data privacy and data breach laws such as the federal Gramm-Leach-Bliley Act and various
state laws apply directly to a broad range of financial institutions including money transmitters like Western Union, and indirectly
to companies that provide services to or on behalf of those institutions. The United States Federal Trade Commission (“FTC”)
has an on-going program of investigating the privacy practices of companies and has commenced enforcement actions against
many, resulting in multimillion dollar settlements and multi-year agreements governing the settling companies' privacy practices.
The FTC and several states have expanded their area of concern to include privacy practices related to mobile applications. Many
state laws require us to provide notification to affected individuals, state officers and consumer reporting agencies in the event of
a security breach of computer databases or physical documents that contain certain types of non-public personal information and
present a risk for unauthorized use.
The collection, transfer, disclosure, use and storage of personal information required to provide our services is subject to data
privacy laws outside of the United States, such as laws adopted pursuant to the EU's 95/46 EC Directive of the European Parliament
(the “Data Protection Directive”), and individual national and provincial laws throughout the world. In some cases, these laws are
more restrictive than the Gramm-Leach-Bliley Act and impose additional duties on companies. These laws, which are not uniform,
do one or more of the following: restrict the collection, transfer, processing, storage, use and disclosure of personal information,
require notice to individuals of privacy practices and may give individuals certain rights to prevent the use or disclosure of personal
information for secondary purposes such as marketing.
These regulations, laws and industry standards also impose requirements for safeguarding personal information through the
issuance of internal data security standards, controls or guidelines.
In connection with regulatory requirements to assist in the prevention of money laundering and terrorist financing and pursuant
to legal obligations and authorizations, Western Union makes information available to certain United States federal and state, as
well as certain foreign, government agencies when required by law. In recent years, these agencies have increased their requests
for such information from Western Union and other companies (both financial service providers and others), particularly in
connection with efforts to prevent terrorist financing or identity theft. During the same period, there has also been increased public
attention regarding the corporate use and disclosure of personal information, accompanied by legislation and regulations intended
to strengthen data protection, information security and consumer privacy. These regulatory goals - the prevention of money
laundering, terrorist financing and identity theft and the protection of the individual's right to privacy - may conflict, and the law
in these areas is not consistent or settled. While we believe that Western Union is compliant with its regulatory responsibilities,
the legal, political and business environments in these areas are rapidly changing, and subsequent legislation, regulation, litigation,
court rulings or other events could expose Western Union to increased program costs, liability and reputational damage.
Banking Regulation
We have subsidiaries that operate under banking licenses granted by the Austrian Financial Market Authority and the Brazilian
Central Bank which subject these subsidiaries to Austrian and Brazilian regulations. We are also subject to regulation, examination
and supervision by the New York Department of Financial Services (the “Financial Services Department”), which has regulatory
authority over our entity that holds all interests in these subsidiaries, a limited liability investment company organized under
Article XII of the New York Banking Law. An Agreement of Supervision with the Financial Services Department imposes various
regulatory requirements including operational limitations, capital requirements, affiliate transaction limitations, and notice and
reporting requirements. Financial Services Department approval is required under the New York Banking Law and the Agreement
of Supervision prior to any change in control of the Article XII investment company.
Since these subsidiaries do not operate any banking offices in the United States and do not conduct business in the United
States except as may be incidental to their activities outside the United States, our Company's affiliation with these subsidiaries
does not cause them to be subject to the provisions of the Bank Holding Company Act in the United States.