The policy states that Equifax collects directly from consumers sensitive personal information including Social Security numbers, financial account data, credit card information, and date of birth, in addition to information obtained from third-party data sources.
This analysis describes what Equifax's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that Equifax collects among the most sensitive categories of personal data recognized under U.S. and international privacy law, including government-issued identifiers and financial account credentials, which are subject to heightened protection obligations under CPRA, GLBA, and GDPR.
Interpretive note: The policy does not fully delineate which data categories are collected solely for FCRA-governed credit reporting purposes versus general commercial purposes, creating ambiguity about which privacy rights framework applies to specific data elements.
This provision establishes that Equifax collects Social Security numbers, financial account numbers, and credit card information directly from consumers, as well as from third-party data sources, and uses this data across its credit reporting, fraud prevention, and commercial data services.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Equifax has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect personal information about you from a variety of sources... Information you provide to us directly, such as when you create an account or use our services, may include: name, address, date of birth, Social Security number, financial account information, credit card information, and other information you choose to provide.— Excerpt from Equifax's Equifax Privacy Policy
1. REGULATORY LANDSCAPE: This provision implicates the Gramm-Leach-Bliley Act (GLBA), which governs the collection and safeguarding of financial information by financial institutions; the CPRA, which designates Social Security numbers and financial account numbers as sensitive personal information subject to heightened restrictions; and GDPR Article 9, which addresses special categories of data. The FTC and CFPB share enforcement authority over financial data practices at Equifax. Where the policy's collection of SSNs and financial data extends beyond FCRA-permissible purposes, additional consent or disclosure obligations may apply. 2. GOVERNANCE EXPOSURE: High. The collection and retention of Social Security numbers and financial account data at scale creates significant breach liability exposure and regulatory scrutiny, particularly given Equifax's 2017 data breach enforcement history. The combination of direct collection and third-party sourcing of sensitive data amplifies the scope of data subject rights obligations under CPRA and GDPR. 3. JURISDICTION FLAGS: California residents have the right to limit the use and disclosure of sensitive personal information under CPRA. EU and UK data subjects may require explicit consent or a documented legitimate interest basis for processing of financial identifiers. Illinois and New York impose additional notification and safeguard requirements for SSN and financial data breaches. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations receiving Equifax data products that include SSNs or financial account data should ensure downstream data processing agreements address FCRA permissible purpose limitations and GLBA safeguard requirements. Vendor assessments should confirm Equifax's security certification posture given prior regulatory consent orders. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that consent mechanisms for collection of SSNs and financial data are jurisdiction-appropriate, that data minimization principles are applied where FCRA-governed purposes do not require full identifier retention, and that breach notification protocols address the elevated regulatory timelines applicable to sensitive financial data.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that Equifax collects among the most sensitive categories of personal data recognized under U.S. and international privacy law, including government-issued identifiers and financial account credentials, which are subject to heightened protection obligations under CPRA, GLBA, and GDPR.
This provision establishes that Equifax collects Social Security numbers, financial account numbers, and credit card information directly from consumers, as well as from third-party data sources, and uses this data across its credit reporting, fraud prevention, and commercial data services.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Equifax.