Equifax 2007 Annual Report Download - page 22

Download and view the complete annual report

Please find page 22 of the 2007 Equifax annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 100

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100

and users of consumer report information. Violation of the
FCRA, or of similar state laws, can result in an award of
actual damages, as well as statutory and/or punitive damages
in the event of a willful violation.
The Fair and Accurate Credit Transactions Act of 2003, or
FACT Act, which amended the FCRA and requires nationwide
consumer credit reporting agencies, such as us, to furnish a
free annual credit le disclosure to consumers, upon request,
through a centralized request facility we have established
with the other nationwide credit reporting agencies. The
FACT Act also included requirements for nancial institutions
to develop policies and procedures to identify potential
identity theft and, upon the request of a consumer, to place a
fraud alert in the consumers credit le stating that the con-
sumer may be the victim of identity theft or other fraud;
consumer credit report notice requirements for lenders that
use consumer report information in connection with risk-based
credit pricing actions; requirements for entities that furnish
information to consumer reporting agencies to implement
procedures and policies regarding the accuracy and integrity
of the furnished information, and regarding the correction of
previously furnished information that is later determined
to be inaccurate; and a requirement for mortgage lenders to
disclose credit scores to consumers. Additionally, the FACT
Act prohibits a business that receives consumer information
from an af liate from using that information for marketing
purposes unless the consumer is rst provided a notice and
an opportunity to direct the business not to use the informa-
tion for such marketing purposes (“opt-out”), subject to
certain exceptions.
The Financial Services Modernization Act of 1999, or
Gramm-Leach-Bliley Act, or GLB, which, among other
things, regulates the use of non-public personal nancial
information of consumers that is held by nancial institutions.
Equifax is subject to various GLB provisions, including rules
relating to the physical, administrative and technological
protection of non-public personal nancial information.
Breach of the GLB can result in civil and/or criminal liability
and sanctions by regulatory authorities, such as nes of up
to $100,000 per violation and up to ve years imprisonment
for individuals.
The Health Insurance Portability and Accountability Act
of 1996, or HIPAA, which requires reasonable safeguards
to prevent intentional or unintentional use or disclosure of
protected health information.
Federal and state laws governing the use of the Internet and
regulating telemarketing, including the federal Controlling
the Assault of Non-Solicited Pornography and Marketing
Act of 2003, or CAN-SPAM, which regulates commercial
email, prohibits false or misleading header information,
requires that a commercial email be identi ed as an adver-
tisement, and requires that commercial emails give recipients
an opt-out method.
Fannie Mae and Freddie Mac regulations applicable to our
credit reporting and mortgage services products, the Real
Estate Settlement Procedures Act and HUD’s Regulation X,
which requires the disclosure of certain basic information
to borrowers concerning settlement costs and prohibits the
charging of unearned fees and certain “kickbacks” or other
fees for referrals in connection with a residential mortgage
settlement service.
A number of states in the U.S. have passed versions of security
breach noti cation and credit le freeze legislation. A le freeze
enables identity theft victims, or in certain states recipients of
data breach notices or all consumers, to place and lift a freeze on
access to their credit les. File freeze laws impose differing
requirements on credit reporting agencies with respect to how
and when to respond to such credit le freeze requests and in the
fees the agencies may charge for freeze-related actions.
We continue to monitor federal and state legislative and
regulatory issues involving data privacy and protection.
International Data and Privacy Protection
We are subject to data protection, privacy and consumer credit
laws and regulations in the foreign countries where we do business.
In Canada, the Personal Information Protection and Electronic
Documents Act (2000) applies to organizations with respect
to personal information that they collect, use or disclose in
the course of commercial activities. It requires compliance
with the National Standard of Canada Model Code for the
Protection of Personal Information, covering accountability
and identifying purposes, consent, collection, use, disclo-
sure, retention, accuracy, safeguards, individual access
and compliance. The Federal Privacy Commissioner is
invested with powers of investigation and intervention, and
provisions of Canadian law regarding civil liability apply
in the event of unlawful processing which is prejudicial to
the persons concerned.
In Europe, we are subject to the European Union, or EU, data
protection laws, including the comprehensive EU Directive
on Data Protection (1995), which imposes a number of
obligations on Equifax with respect to use of personal data,
and includes a prohibition on the transfer of personal infor-
mation from the EU to other countries that do not provide
consumers with an “adequate” level of privacy or security.
The EU standard for adequacy is generally stricter and more
comprehensive than that of the U.S. and most other countries.
In the U.K., the Data Protection Act of 1998 regulates the
manner in which we can use third-party data. Recent
regulatory limitations affect our use of the Electoral Roll,
one of our key data sources in the U.K. Generally, the data
underlying the products offered by our U.K. Information
Services and Personal Solutions product lines, excluding
our Commercial Services products, are subject to these reg-
ulations. In Spain and Portugal, the privacy laws which are
subject to the EU Directive on Data Protection regulate all
credit bureau and personal solutions activities. Except for
negative data, the laws in Spain and Portugal generally
require consumer consent for all Equifax activities.
In Latin America, most countries generally follow the EU data
protection model. This includes consumer data protection and
20 EQUIFAX | 2007 ANNUAL REPORT