Monitoring and ensuring compliance
Once our systems have been designed and implemented, one of the
most important elements in ensuring compliance is working with our
people to avoid accidental or deliberate breaches of data protection
arrangements. So:
- We place very heavy emphasis on security training. All new
staff in the US, for example, receive mandatory security training
on their first day, again after 90 days' employment, and get regular
refreshers thereafter. In the UK there is a continuous training
programme for all staff, including mandatory computer-based training
for all new employees.
- We work constantly to raise staff awareness of the importance
and necessity of good data protection practices, including campaigns
via our internal magazines and intranets, including one this year
with a free toothbrush to bring attention to the importance of
passwords.
- We design our systems with rigorous access controls and our
data transfer mechanisms are developed to include data encryption
so that data will be unintelligible to all but the intended recipient.
This year
A specific, global initiative was established to provide a particular
focus on information security with a number of projects covering
every aspect from data protection and management of electronic security
risks to physical security. One of the projects within this initiative
was ‘Operation Safeguard.’ Experian played a leadership
role in working with hundreds of clients to better secure the way
that data is transferred between the organisations. Today, they
use agreed-upon encryption standards and secure data transfer channels.
We have worked with our competitors, Equifax and CallCredit, to
establish this common industry approach.
We have embarked on becoming compliant with the Payment Card Industry
Data Security Standard (PCI DSS), which is focussed specifically
on protecting credit and debit cardholder data. This involves ongoing
assessment of Experian by independent assessors. In the US we have
received PCI certification on both of Experian’s Texas Data
Centres and the Data Centre in Schaumburg, Illinois, representing
the majority of Experian’s US-based information processing.
In the UK, Europe/Middle East and Africa, and Asia Pacific, a PCI
certification programme is currently underway that will also strive
to ensure compliance with PCI DSS.
Ultimately, keeping our data secure is not only a key social responsibility
but also a competitive differentiator for our business. Our partners
need to know that their reputations and assets are protected when
they work with us. Many business customers take an active and detailed
interest in our security approaches, including conducting their
own audits of our sites and systems. We believe that our systems
and performance in this area are second to none and that our specific
focus this year has improved our position, although we are always
vigilant and ready to improve further.