Question 1

How do you ensure the legally compliant processing of Reports?

Derek DeHoog · Accepted Answer

FRM undertakes a number of steps to ensure it is legally compliant in processing Reports, including obtaining written representations from the Subscriber that is requesting Reports from FRM on a lawful basis and has obtained the consent of the Subject, where it is needed, to perform the search.

For Subscribers who may be accessing consumer credit reports from national reporting agencies like Equifax, Transunion, etc., FRM undertakes steps which conform with the national consumer reporting agencies' requirements to credential Subscribers, which in addition to obtaining written representations from the Subscriber, includes the collection and review of certain documentation to establish the bona fide need to access such reports, and may also perform an on-site inspection at the Subscriber's commercial location to verify they are undertaking basic security precautions at their commercial location.

FRM also maintains an Information Security Program, administered by an employee or employees, which is anticipatory of foreseeable threats or hazards for attacks, intrusions, unauthorized access, system failures, alteration, destruction, or breach of confidentiality of FRM Content and Portal by way of: (a) using administrative, technical, and physical safeguards (collectively, “Safeguards”) to protect FRM Content and Portal; (b) reasonably designing, periodically reviewing, regularly testing, monitoring, and risk assessing Safeguards (collectively, “Safeguard Reviews”); and, (c) modifying and upgrading systems, system controls, procedures (including training of employees and management) as informed by the results of those Safeguard Reviews. FRM, as a part of its Terms of Service, also requires the Subscriber to represent they have such an Information Security Program in place as well.

FRM also obtains specialized legal advice from privacy counsel for aligning its business practices with relevant law.

Question 2

How do you ensure the legally compliant processing of Reports?

Derek DeHoog · Accepted Answer

FRM undertakes a number of steps to ensure it is legally compliant in processing Reports, including obtaining written representations from the Subscriber that is requesting Reports from FRM on a lawful basis and has obtained the consent of the Subject, where it is needed, to perform the search.

For Subscribers who may be accessing consumer credit reports from national reporting agencies like Equifax, Transunion, etc., FRM undertakes steps which conform with the national consumer reporting agencies' requirements to credential Subscribers, which in addition to obtaining written representations from the Subscriber, includes the collection and review of certain documentation to establish the bona fide need to access such reports, and may also perform an on-site inspection at the Subscriber's commercial location to verify they are undertaking basic security precautions at their commercial location.

FRM also maintains an Information Security Program, administered by an employee or employees, which is anticipatory of foreseeable threats or hazards for attacks, intrusions, unauthorized access, system failures, alteration, destruction, or breach of confidentiality of FRM Content and Portal by way of: (a) using administrative, technical, and physical safeguards (collectively, “Safeguards”) to protect FRM Content and Portal; (b) reasonably designing, periodically reviewing, regularly testing, monitoring, and risk assessing Safeguards (collectively, “Safeguard Reviews”); and, (c) modifying and upgrading systems, system controls, procedures (including training of employees and management) as informed by the results of those Safeguard Reviews. FRM, as a part of its Terms of Service, also requires the Subscriber to represent they have such an Information Security Program in place as well.

FRM also obtains specialized legal advice from privacy counsel for aligning its business practices with relevant law.