Western Union 2015 Annual Report Download - page 121

Download and view the complete annual report

Please find page 121 of the 2015 Western Union annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 266

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266

19
Privacy Regulations and Information Security Standards
We must collect, transfer, disclose, use and store personal information in order to provide our services. These activities are
subject to information security standards, data privacy, data breach and related laws and regulations in the United States and other
countries. In the United States, data privacy and data breach laws such as the federal Gramm-Leach-Bliley Act and various state
laws apply directly to a broad range of financial institutions including money transfer providers like Western Union, and indirectly
to companies that provide services to or on behalf of those institutions. The United States Federal Trade Commission ("FTC") has
an on-going program of investigating the privacy practices of companies and has commenced enforcement actions against many,
resulting in multimillion dollar settlements and multi-year agreements governing the settling companies' privacy practices. The
FTC, CFPB, and several states have expanded their area of concern to include privacy practices related to online and mobile
applications. Many state laws require us to provide notification to affected individuals, state officers and consumer reporting
agencies in the event of a data breach of computer databases or physical documents that contain certain types of non-public personal
information and present a risk for unauthorized use or potential harm.
The collection, transfer, disclosure, use and storage of personal information required to provide our services is subject to data
privacy laws in countries outside of the United States, such as laws adopted pursuant to the EU's 95/46 EC Directive of the European
Parliament, and other national and provincial laws throughout the world. In some cases, these laws are more restrictive than the
Gramm-Leach-Bliley Act and impose more stringent duties on companies. As in the United States, areas of concern include online
and mobile applications. These laws, which are not uniform, do one or more of the following: regulate the collection, transfer
(including in some cases, the transfer outside the country of collection), processing, storage, use and disclosure of personal
information, require notice to individuals of privacy practices, and give individuals certain access and correction rights with respect
to their personal information and prevent the use or disclosure of personal information for secondary purposes such as marketing.
Under certain circumstances, some of these laws require us to provide notification to affected individuals, data protection authorities
and/or other regulators in the event of a data breach. The European Parliament and the Council of the European Union are expected
to adopt a comprehensive general data privacy regulation (“GDPR”) in 2016 that will replace the current EU Data Protection
Directive and related country-specific legislation. The GDPR is anticipated to take effect in mid-2018. We are analyzing the GDPR
to determine its potential effects on our business practices. Complying with the enhanced obligations imposed by the GDPR may
result in significant costs to our business and require us to amend certain of our business practices.
These regulations, laws and industry standards also impose requirements for safeguarding personal information through the
issuance of internal data security standards, controls or guidelines. Western Union maintains and upgrades its systems and processes
to protect the security of our computer systems, software, networks and other technology assets. For further discussion of these
risks, see Part I, Item 1A, Risk Factors - "Breaches of our information security policies or safeguards could adversely affect our
ability to operate and could damage our reputation and adversely affect our business, financial condition, results of operations,
and cash flows."
In connection with regulatory requirements to assist in the prevention of money laundering and terrorist financing and pursuant
to legal obligations and authorizations, Western Union makes information available to certain United States federal, state, and
foreign government agencies when required by law. In recent years, Western Union has experienced increasing data sharing requests
by these agencies, particularly in connection with efforts to prevent terrorist financing or reduce the risk of identity theft. During
the same period, there has also been increased public attention to the corporate use and disclosure of personal information,
accompanied by legislation and regulations intended to strengthen data protection, information security and consumer privacy.
These regulatory goals - the prevention of money laundering, terrorist financing and identity theft and the protection of the
individual's right to privacy - may conflict, and the law in these areas is not consistent or settled. While we believe that Western
Union is compliant with its regulatory responsibilities in all material respects, the legal, political and business environments in
these areas are rapidly changing, and subsequent legislation, regulation, litigation, court rulings or other events could expose
Western Union to increased program costs, liability and reputational damage.
201 FORM 10 K
5 -