Skip to main content

Information Security

Our Commitment to Data Security

As a global provider of risk and information solutions, we collect, store, and transmit a large amount of sensitive and confidential information. We’re acutely aware that consumers count on us to safeguard their information, as do our data furnishers and business customers. Like many financial institutions and other companies holding valuable data, we experience attempts to access our system. That’s why information security is a company-wide priority at all levels of our organization.

The TransUnion information security team operates globally across all our business units and locations, ensuring coverage and transparency 24 hours a day, 7 days a week. Threats are monitored and evaluated, and our internal controls are adjusted as needed, as we strive to remain effective in a rapidly changing threat environment. Our global information security team is staffed with cyber-threat and intelligence experts with backgrounds and experience from law enforcement, government, military, and industry. Our Information Security program also includes robust policies, employee training and advanced technology, with support and oversight from the board of directors, CEO and executive management.

Global compliance policies and controls are managed under the direction of our Compliance team, whose members hold compliance certifications, in addition to their many years of professional service. Compliance actively partners with Information Security and Corporate Investigations to proactively build effective and efficient controls.

 In addition to our own stringent requirements, the financial institutions we work with — which share our interest in safeguarding the information shared with us — also expect that we live up to their high standards. Our security program is regularly audited by many of our customers, including some of the most sophisticated financial institutions in the world. We welcome the rigor of these reviews, as we’re confident our security controls are compliant with the highest standards to which banks are held.

 

Mitigating Risk:

To meet consumer, business customer and regulator expectations, TransUnion takes a multilayered, risk-based approach to security, which is based on a number of overlapping and redundant controls to reduce the risk of a single point of failure. This approach is designed to prevent, detect and respond — that is, to decrease the likelihood of a breach occurring; reduce the duration of any breach that may occur by ensuring it’s quickly identified; and minimize the impact of a breach by quickly limiting the reach of any compromise and closing off any further access to the environment.

Examples of the types of tools, controls, and procedures we use include:

  • Security tools. TransUnion regularly evaluates and deploys industry-leading security solutions to manage, control and monitor our environment. We implement our tools according to our layered security framework to ensure we have layers of protection and transparency. We test the effectiveness and capability of these tools on a regular basis to ensure we’re maintaining pace with the increasing sophistication we see occurring in the threat environment.
  • Audits and assessments. In addition to audits and reviews conducted by our financial institution customers and regulators, we continually evaluate and assess our own program, including regularly engaging external companies to pressure test our security governance, environment and controls through assessments, penetration tests and simulated attacks.
  • Incident response planning and readiness. We recognize the importance of ongoing preparedness, so we regularly update and test our response plans, educate our leaders and employees around the world on protocol, and host drills to pressure-test our capability.
  • Information sharing and collaboration. We’re committed to working with government, others in our industry and companies in other sectors to meet these threats head-on.

While we’re taking extensive measures to meet the ever-increasing threats of cybersecurity and fraud, security is not only an information services industry problem. This is a serious threat to all industries and organizations, and it’s not going away. As such, we continue to collaborate with organizations both in and out of our industry to manage best practices.

 

Maintaining Compliance

TransUnion is governed by strict regulatory oversight. We’re subject to a number of consumer protection laws in the markets we serve, which cover accuracy, security, data privacy, consumer and third-party access to credit reports, and a dispute process to address errors, among other regulations and requirements. In Hong Kong, this includes the Personal Data (Privacy) Ordinance and the Code of Practice on Consumer Credit Data.