Western Union 2014 Annual Report Download - page 157

Download and view the complete annual report

Please find page 157 of the 2014 Western Union annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 306

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306

2014 FORM 10-K
19
Privacy Regulations and Information Security Standards
We must collect, transfer, disclose, use and store personal information in order to provide our services. These activities are
subject to information security standards, data privacy, data breach and related laws and regulations in the United States and other
countries. In the United States, data privacy and data breach laws such as the federal Gramm-Leach-Bliley Act and various state
laws apply directly to a broad range of financial institutions including money transfer providers like Western Union, and indirectly
to companies that provide services to or on behalf of those institutions. The United States Federal Trade Commission ("FTC") has
an on-going program of investigating the privacy practices of companies and has commenced enforcement actions against many,
resulting in multimillion dollar settlements and multi-year agreements governing the settling companies' privacy practices. The
FTC, several states and data protection authorities in other countries have expanded their area of concern to include privacy
practices related to online and mobile applications. Many state laws require us to provide notification to affected individuals, state
officers and consumer reporting agencies in the event of a data breach of computer databases or physical documents that contain
certain types of non-public personal information and present a risk for unauthorized use or potential harm.
The collection, transfer, disclosure, use and storage of personal information required to provide our services is subject to data
privacy laws outside of the United States, such as laws adopted pursuant to the EU's 95/46 EC Directive of the European Parliament,
and other national and provincial laws throughout the world. In some cases, these laws are more restrictive than the Gramm-Leach-
Bliley Act and impose more stringent duties on companies. These laws, which are not uniform, do one or more of the following:
regulate the collection, transfer (including in some cases, the transfer outside the country of collection), processing, storage, use
and disclosure of personal information, require notice to individuals of privacy practices, and give individuals certain access and
correction rights with respect to their personal information and prevent the use or disclosure of personal information for secondary
purposes such as marketing. Under certain circumstances, some of these laws require us to provide notification to affected
individuals, data protection authorities and/or other regulators in the event of a data breach.
These regulations, laws and industry standards also impose requirements for safeguarding personal information through the
issuance of internal data security standards, controls or guidelines. Western Union maintains and upgrades its systems and processes
to protect the security of our computer systems, software, networks and other technology assets. For further discussion of these
risks, see Part I, Item 1A, Risk Factors - "Breaches of our information security policies or safeguards could adversely affect our
ability to operate and could damage our reputation, business, financial condition and results of operations."
In connection with regulatory requirements to assist in the prevention of money laundering and terrorist financing and pursuant
to legal obligations and authorizations, Western Union makes information available to certain United States federal, state, and
foreign government agencies when required by law. In recent years, Western Union has experienced increasing data sharing requests
by these agencies, particularly in connection with efforts to prevent terrorist financing or reduce the risk of identity theft. During
the same period, there has also been increased public attention to the corporate use and disclosure of personal information,
accompanied by legislation and regulations intended to strengthen data protection, information security and consumer privacy.
These regulatory goals - the prevention of money laundering, terrorist financing and identity theft and the protection of the
individual's right to privacy - may conflict, and the law in these areas is not consistent or settled. While we believe that Western
Union is compliant with its regulatory responsibilities, the legal, political and business environments in these areas are rapidly
changing, and subsequent legislation, regulation, litigation, court rulings or other events could expose Western Union to increased
program costs, liability and reputational damage.
Banking Regulation
We have subsidiaries that operate under banking licenses granted by the Austrian Financial Market Authority and the Brazilian
Central Bank. We are also subject to regulation, examination and supervision by the New York State Department of Financial
Services (the "Financial Services Department"), which has regulatory authority over our entity that holds all interests in these
subsidiaries. Further, an Agreement of Supervision with the Financial Services Department imposes various regulatory
requirements including operational limitations, capital requirements, affiliate transaction limitations, and notice and reporting
requirements on this entity. However, because this entity and its subsidiaries do not exercise banking powers in the United States,
we are not subject to the Bank Holding Company Act in the United States.