Setting our own policies

While regulatory compliance is a baseline standard, Experian also strives to ensure that our data is ultimately used for the benefit of the consumer and with the consumer’s consent where appropriate.

Experian’s collection and use of information is guided by our Global Information Values. These values are applied within the cultural expectations and legal environment of the countries in which Experian operates. Experian’s Global Information Values are:

Balance: Experian strives to balance the interests of consumers with the business needs of customers to ensure both receive benefit from information use.
Accuracy: Experian strives to ensure the information it collects and maintains is as accurate and up-to-date as possible and that the information is appropriate for its intended use.
Security: Experian protects the information it maintains from unauthorised access or alteration.
Integrity: Experian complies with all laws and applicable industry codes and operates its businesses in accordance with these information values.
Communication: Experian communicates openly about the information it maintains, how it is used and seeks to inform consumers of their rights regarding the use of information.

In the US, the Global Information Values are the basis of a formal Fair Information Values Assessment that must be conducted before any new information collection or use will be approved. The Assessment ensures first that our Values are met and positions us subsequently to uphold all legal and security requirements. Information use that has successfully completed a Fair Information Values Assessment is then subject to Experian's stringent data security polices.

Data security is a very important Information Value. We have developed a Global Information Security policy to provide an over-arching framework, and to set our own standards in countries where data protection legislation is absent.

The Global Information Security Policy:

sets out the key controls, policies and standards to protect data from identified and emerging risks and threats;
is aligned with international security standards, such as the ISO27000 (ISO17799) series;
covers the topics of: people; information assets; third parties; technical security infrastructure; access to systems; physical and environmental security; systems and application; development and maintenance; and business continuity

We use a managed approach to appropriately protect data throughout its entire lifecycle. These safeguards are designed to:

protect the security and confidentiality of customer information;
protect against any anticipated threats or hazards to the security of information; and,
protect against unauthorised access or misuse of information that could result in harm to any customer or consumer.
we also help lead the industry in the proper handling of data to maintain its integrity and security.