Call today! 1 866 3 NYMITY
Username: Password:
Nymity News
Nymity logo
Home About Us

Interview with Equifax

 

November 2003

 

Terry McQuay, Nymity's President, recently had an opportunity to talk with Joel Heft, Vice-President, Counsel and Chief Privacy Officer, Equifax Canada Inc.

 

Nymity: Joel, as Equifax complied with the CSA principles well prior to the introduction of PIPEDA, what additional measures did Equifax take as a result of PIPEDA?

 

Heft: In fact, Equifax has not only complied with the CSA principles since their introduction, but Equifax was a member of the committee tasked with their drafting. In addition, since the early 1970's, Equifax has complied with provincial credit reporting legislation (there are currently nine such provincial Credit Reporting Acts) which are quite arguably 'substantially similar' to the principles of PIPEDA.

Since the introduction of PIPEDA, Equifax has taken internal and external steps to assure compliance. Internally, some of the initiatives undertaken have been the conducting of a formal privacy audit, the appointment of a Chief Privacy Officer, setting up a 'privacy concerns' email address, establishing a formal mechanism for handling PIPEDA related matters and creating a consumer privacy education page on the Equifax website.

 

Externally, Equifax, as a result of its longstanding record of compliance with similar legislation, has been asked to speak at numerous privacy forums, has held member seminars, and consulted with members on privacy related matters, has met on several occasions with members of the Federal Privacy Commissioners office as well as with representatives of the British Columbia and Alberta governments regarding issues of concern to the credit reporting industry in particular and privacy generally.

 

Nymity: As the provider of information, are you required to ensure your commercial members are compliant with PIPEDA?

 

Heft: Transaction volumes make it impossible for credit bureaus to be able to verify consumer consents (as received by members) and still allow for the consumer to have his or her credit application adjudicated in a timely and cost efficient manner. Accepted practice in the credit reporting industry is that the agencies rely on consents obtained by their credit granting members. Equifax assures that all potential members are put through a rigorous screening process to verify that they comply not only with the PIPEDA requirements but also those found in the provincial credit reporting legislation.


Nymity: Does PIPEDA allow consumers to withdraw consent from the use, collection or disclosure of their information?

 

Heft: The wording of the PIPEDA 'withdrawal of consent' provision would prohibit a consumer from being allowed to selectively edit consumer credit file information once he or she has consented to such information being placed on the file.

The Province of British Columbia has done a tremendous job of adding further clarity to this issue. Section 9(6) of the Personal Information Protection Act states that "an individual may not withdraw a consent given to a credit reporting agency in the circumstances described in Section 12(i) (g) or 15(i) (g)" (for use in credit reports).


Nymity: How will B.C.'s and Alberta's PIPA impact operations at Equifax?

 

Heft: The B.C. and Alberta legislation should not have any impact on Equifax's operations. Equifax has worked closely with both of these governments in an effort to assure that their legislation (i) acknowledges the unique third party nature of credit reporting agencies, and (ii) is consistent with both the provisions of PIPEDA as well as the credit reporting legislation already in place in those provinces.


Nymity: Do the provisions of PIPEDA apply to Equifax's commercial credit reporting operations?

 

Heft: This question was resolved in case number 141 of the Federal Privacy Commissioners Findings. In that case, the Privacy Commissioner found that business information is not personal information, and therefore cannot be covered under the provisions of the PIPEDA.

 

Nymity: When providing consumer credit reports via the Internet, how do you authenticate the individual is who he or she claims to be? Could a consumer complain about the charge?

 

Heft: The Equifax ID verification tool used when delivering consumer credit files via the Internet has security which is well above industry standard. To date, we have not had a single incident or problem relating to the security of the product.

What is essential to remember is that this 'charge for' service does not prevent a consumer from using the free credit reporting service offered by Equifax to consumers. Equifax sends in excess of 600,000 free credit reports to Canadians each year.


Nymity: Do you expect increased complaints in 2004 with the increase consumer visibility of PIPEDA?

 

Heft: We would expect a temporary spike in the number of consumer inquiries during the first quarter of 2004. This would be consistent with our experience of 2001 when PIPEDA came into limited application.

 

Nymity: What are the nature of the complaints you receive and how many related to privacy?

 

Heft: Equifax received a few privacy related inquiries from the Federal Privacy Commissioners office in the 2001-2002 period. No inquiries have been received in 2003.

 

To date, the complaints have generally been in the area of content of file information and disclosure delays.


Nymity: Equifax offers a service called credit watch which is designed to help protect against identify theft. Is identity theft a privacy issue?

 

Heft: The Credit Watch product will be introduced in the Canadian market place in 2004. This tool will help consumers monitor any changes to their credit files and therefore be a most effective early warning tool in the fight against identity theft.

I believe that identity theft is a criminal rather than a privacy issue. Those who take part in identity theft likely have little or no regard for privacy legislation. That being said, data security (a principle of PIPEDA) must be at the forefront of the battle against identity theft.


Nymity: In closing, what will be Equifax's top privacy priorities for 2004?

 

Heft: In no particular order; continued education of Equifax staff and members, continued cooperation and communication with both privacy and credit reporting regulators, update internal privacy audit, assure that operations meet the standards set out in the B.C. and Alberta privacy legislation, continually scan the environment to identify privacy best practices as well as emerging privacy issues.

 

 

 

 

 

 

 

 

 
Contact Us | Privacy Policy | Terms of Use and Disclaimer © 2003 - 2008 NYMITY