Fair Information Values Assessment. Read more

Experian’s Global Information Values and the Fair Information Values Assessment

Experian’s collection and use of information is guided by our Global Information Values. These values are applied within the cultural expectations and legal environment of the countries in which Experian operates.

Experian’s Global Information Values are:

  • Balance: Experian strives to balance the interests of consumers with the business needs of customers to ensure both receive benefit from information use.
  • Accuracy: Experian strives to ensure the information it collects and maintains is as accurate and up-to-date as possible and that the information is appropriate for its intended use.
  • Security: Experian protects the information it maintains from unauthorised access or alteration.
  • Integrity: Experian complies with all laws and applicable industry codes and operates its businesses in accordance with these information values.
  • Communication: Experian communicates openly about the information it maintains, how it is used and seeks to inform consumers of their rights regarding the use of information.

In the US, the Global Information Values are the basis of a formal Fair Information Values Assessment that must be conducted before any new information collection or use will be approved. The Assessment ensures first that our Values are met and positions us subsequently to uphold all legal and security requirements. Information use that has successfully completed a Fair Information Values Assessment is then subject to Experian's stringent data security polices.

x Close

Background

This section gives more details on key data management policies and procedures and the way we involve our people in implementing them.

We have systems for:

Data

Network security and intrusion detection

Virus protection

Access control

Data integrity

Employee remote access

People

Policies

 

Data


Data classified as confidential or restricted is protected in a variety of ways in line with applicable regulatory and industry requirements. Executive and senior management actively participate in setting goals and promoting the data protection program throughout the company.

We take a managed approach to security to ensure that data is protected through the entire life cycle. During creation, transformation and use, storage, and destruction we deploy the latest techniques and processes to provide the best possible protection. To protect our customers, consumers, stakeholders, and Experian’s corporate reputation, we monitor our systems to ensure high standards of data protection.

Back to top

Network security and intrusion detection

We monitor our systemsfor signs of known threats and anomalous activity, and take action based on identification of improper traffic. Firewalls and intrusion detection devices protect the entrance to Experian’s network. We strictly monitor and approve all firewall rule set changes and provide monitoring of firewalls in order to identify attempted security violations.

Back to top

Virus protection


Experian deploys, implements, and maintains the most current commercially available computer virus detection/scanning programme. We use three-tiered virus prevention architecture to prevent the infection and spread of computer viruses between parties that access or exchange data or files through network connectivity.

Back to top

Access control


Experian implements the latest measures to restrict electronic access to our systems to protect sensitive information. We ensure that clients who access or submit material to our systems are uniquely identified and authenticated. We enforce the principle of least privilege so that authorized personnel have only the level of access to our systems required to perform their job functions.
 

Back to top

Data integrity


Experian safeguards the confidentiality and integrity of all data being transmitted over our network. We implement and maintain strong, industry-standard encryption techniques to protect clients’ data..

Back to top

Employee remote access


Remote access is provided on a limited basis to employees whose job functions warrant such access using strong, multi-factor authentication, and only then connected to and only then connected to Experian’s internal network.

Back to top

People


Our internal training capabilities allow us to continually develop, educate, and train our staff.

Back to top

Policies


We have a global information security policy and manage its development and implementation in a systematic way, and we bring acquired companies in line with this policy as a matter of urgency during integration.

We have a set of Global Information Values that guide the collection and use of information.

In the US we implement a Fair Information Values Assessment (FIVA) before any information collection or use is approved.

Regulatory compliance regarding the use of data is essential for the continuation of our business. It is impossible to demonstrate this compliance globally but as an example we have created a snapshot you can read in the sidebar showing how we are complying with the UK Data Protection Act.

Back to top