LexisNexis & Privacy
LexisNexis® Data Privacy Principles
LexisNexis is a provider of information that helps businesses, non-profit organizations, and federal, state and local governments reduce fraud, mitigate risk, facilitate smarter decisions, and make society safer, while protecting consumer privacy. LexisNexis is committed to promoting the responsible use of information and protecting individual privacy rights. In recognition of this commitment, LexisNexis has adopted the LexisNexis Data Privacy Principles. The LexisNexis Data Privacy Principles speak to the personally identifiable information including sensitive personally identifiable information, collected, maintained, used or disseminated by LexisNexis, Seisint®, and ChoicePoint, divisions of Reed Elsevier Inc. (hereinafter “LexisNexis”).
LexisNexis strives to apply these Principles to our domestic U.S. products and services where appropriate and consistent with applicable law, such as the Fair Credit Reporting Act and its state analogues (“FCRA”), the Driver’s Privacy Protection Act and its state analogues and the Gramm-Leach-Bliley Act.
LexisNexis reserves the right to not apply its Data Privacy Principles if required to do so by operation of law, upon request of law enforcement, or, if necessary, to prevent fraud or to protect our computer systems. LexisNexis also, from time to time, may revise our Data Privacy Principles.
1. EDUCATION LexisNexis strives to inform its employees, users and the general public about appropriate use of its products and services.
LexisNexis strives to inform its users and employees about:
- Privacy and security issues associated with LexisNexis information products and services; and
- The responsible use of personally identifiable information.
LexisNexis strives to inform the public about:
- The responsible use of personally identifiable information;
- Measures LexisNexis has undertaken to enhance consumer privacy; and Choices available to consumers regarding information access and the ability to opt-out of certain products and services which utilize personally identifiable information.
2. REPUTABLE SOURCES
LexisNexis strives to acquire personally identifiable information from established, reputable sources in the government and private sectors. In support of this Principle, LexisNexis takes reasonable steps to assess the reputation and reliability of its private sector data sources before incorporating personally identifiable information from the source into its products and services. LexisNexis also strives to obtain assurances from its data suppliers that they have the legal right to license or sell the data to LexisNexis.
LexisNexis strives to accurately report information in its products. LexisNexis also strives to accurately report information that it receives from its data sources. LexisNexis recognizes, however, that reporting errors may occur and offers consumers opportunities, where practicable, to dispute and correct information that we report as discussed further in Principle 9 on Access and Correction.
4. DISTRIBUTION OF PERSONALLY IDENTIFIABLE INFORMATION
LexisNexis strives to limit the distribution of personally identifiable information consistent with the nature and sensitivity of the information. LexisNexis also strives to distribute personally identifiable information from sources other than public records or publicly available information only to its authorized users and not to the public in general. Similarly, where applicable, LexisNexis strives to restrict access to information in accordance with privacy laws such as the Fair Credit Reporting Act, the Gramm Leach Bliley Act, and the Drivers’ Privacy Protection Act and comparable state statutes. In the case of public record information available to the general public (such as bankruptcy, liens, judgments and Uniform Commercial Code filings) and publicly available information (such as telephone directory information or personal information available through widely available media), we may make this information available to the general public unless applicable law operates to limit our distribution of such information to authorized users.
If, upon investigation, LexisNexis finds that personally identifiable information has been used inappropriately or unlawfully, LexisNexis strives to take reasonable steps to stop the misuse, educate the user concerning the appropriate and lawful use of the information, and prevent similar future misuses. Such steps may include measures up to and including discontinuation of the user’s access to LexisNexis information products and services, pursuit of other legal remedies, and the referral of misuse to the appropriate authorities.
5. DISTRIBUTION OF SOCIAL SECURITY NUMBERS AND DRIVER'S LICENSE NUMBERS
LexisNexis strives to provide additional safeguards for sensitive personally identifiable information, which presents the highest risk of being misused for identity theft or fraud. LexisNexis strives to limit the availability and distribution of full Social Security Numbers (“SSNs”), Driver’s License Numbers and State Identification Numbers. LexisNexis strives to protect the confidentiality of SSNs by limiting access to SSNs to certain legitimate users, such as: state, local and federal government entities with law enforcement responsibilities; financial institutions; insurers; employers; creditors; and debt collectors. LexisNexis prohibits the unlawful disclosure of SSNs. LexisNexis also takes steps to limit the availability of Driver’s License Numbers (“DLNs”) and state identification card numbers. A limited number of public records may contain SSNs. This Principle does not apply to the display of SSNs found in public records.
LexisNexis strives to protect personally identifiable information that we maintain or disseminate so it is not obtained by unauthorized individuals or used in unauthorized ways, including through the use of appropriate administrative, physical, and technical safeguards.
LexisNexis strives to make its Data Privacy Principles publicly known. LexisNexis publicly posts these Data Privacy Principles, on its Web site: http://www.lexisnexis.com/privacy/data-privacypolicy. aspx
- Reputable Sources;
- Distribution of Personally Identifiable Information;
- Distribution of Social Security Numbers and Driver’s License Numbers;
- Access and Correction;
- Online Privacy; and
- Identity Theft.
For additional information about the LexisNexis Data Privacy Principles, contact the LexisNexis Privacy Manager at 1-800-831-2578 or by mailing to:
PO Box 933
Dayton, Ohio 45401
LexisNexis strives to allow consumers to opt-out of the dissemination of personally identifiable information from LexisNexis owned databases used solely for marketing services. We also strive to allow individuals to opt-out of LexisNexis’ public-facing product, Known, as required by law and permitted by LexisNexis policy.
9. ACCESS & CORRECTION
LexisNexis strives to provide consumers with a central point of contact regarding their questions about LexisNexis and its commitment to the responsible use of personally identifiable information. LexisNexis strives to inform individuals about the nature of the public records, nonpublic information, and publicly available information that LexisNexis makes available in its information products and services. LexisNexis also strives, whenever practicable, to provide consumers, upon request, with meaningful opportunities to review personally identifiable information we maintain about them. LexisNexis also strives, as appropriate and practicable, to provide opportunities for consumers to dispute and correct information by assisting them in identifying the potential information sources at which corrections should be made. LexisNexis strives to direct individuals to the government and private entities that collect and maintain public records and publicly available information to correct any claimed inaccuracies found in that data, and direct individuals to consumer reporting agencies where such agency is the source of the information about the individual and where the individual seeks to correct claimed inaccuracies found in that data With respect to data to which the FCRA applies, we provide consumers with access and correction rights in accordance with FCRA requirements.
LexisNexis strives to comply with its Data Privacy Principles and strives to continuously monitor its business practices for compliance with its Data Privacy Principles. LexisNexis will obtain biennial assessments from a qualified, objective, independent third-party, who uses procedures and standards generally accepted in the profession to assess LexisNexis administrative, technical, and physical safeguards around data privacy and security.
LexisNexis supports accountability of information industry standards and practices, responsible and effective federal regulation of the data industry, and legislation governing the practices of all data providers. LexisNexis also supports industry oversight and active engagement with the privacy community. LexisNexis believes that strong privacy and information security protections are vital for an effective and trusted data industry.
12. ONLINE PRIVACY
LexisNexis strives to protect the privacy of personally identifiable information obtained over the Internet and strives to apply our Data Privacy Principles and evolving standards to the online environment.
13. IDENTITY THEFT
LexisNexis strives to prevent the acquisition of information from its products and services for improper purposes, such as identity theft. LexisNexis believes that it is important that consumers who may have had their sensitive personally identifiable information acquired by an unauthorized individual be notified as follows. Where a state law requires notice, LexisNexis complies with the law. In those states where identity theft notice laws do not exist, LexisNexis follows its Information Security Breach Response and Notification Policy, which provides that affected consumers will be notified when sensitive personally identifiable information owned or licensed by LexisNexis is acquired by an unauthorized individual and whenever LexisNexis has a reasonable basis to believe the breach has resulted in, or there is a significant risk that it will result in, identity theft to the consumer to whom the information relates.
Latest Revision: December 17, 2008