How does TransUnion collect my credit data?

TransUnion collects personal credit data through the following two channels: Credit Data Smart Subscribed Members and relevant information from public records. All consumer credit data is encrypted before being transmitted through or stored in the credit reference platform (CRP), in accordance with international encryption standard. Only selected credit reference agencies and their subscribed members will have the keys to decrypt the data. Neither the platform operator nor any unauthorised parties can decrypt the data.

TransUnion, as one of the credit reference agencies under Credit Data Smart, which is also known as Multiple Credit reference Agencies (“MCRA") model, will comply with the standards and requirements of relevant ordinances and code of practices.

Under the current legal framework in Hong Kong, personal data is protected by the Personal Data (Privacy) Ordinance (PDPO); and credit reference agencies (CRAs) must comply with the PDPO. The Code of Practice on Consumer Credit Data issued by the Privacy Commissioner for Personal Data (PCPD) also governs the handling of consumer credit data.

In addition, the Industry Associations established the Code of Practice for the Multiple Credit Reference Agencies (MCRA) Model, setting the standards and requirements for selected CRAs and their subscribed members to comply on various aspects, including corporate governance, internal control, and the use and protection of consumer credit data. 

For more details, please see the “Code of Practice for MCRA Model” document here.