This analysis describes what Equifax's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Given Equifax's 2017 breach affecting 147 million Americans — the largest breach of financial data in U.S. history at the time — the company's use of qualified 'reasonable measures' language rather than specific security commitments is a significant limitation on consumer protection.
Equifax's policy authorizes collection of a wide range of sensitive personal and financial data, including credit history, income, government identifiers, geolocation, and biometric information, and permits sharing this data with affiliates, business partners, and service providers for purposes including marketing and analytics that extend beyond core credit reporting. Because Equifax operates simultaneously as a credit bureau, data broker, and consumer products company, data you provide in one context may be used or shared in others. You can submit privacy rights requests, including requests to opt out of data sale or sharing, access your data, or request deletion, through the Equifax privacy rights portal at equifax.com/personal/privacy-policy.
How other platforms handle this
We implement technical, administrative, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. However, no security measures are perfect or impenetrable, and we cannot guarantee that personal information will not be accesse...
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
We implement reasonable security measures to protect your personal information from unauthorized access, use, or disclosure. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee the absolute security of your information.
Monitoring
Equifax has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We use reasonable physical, technical, and administrative measures to protect information about you from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. While we take steps to protect your information, no system is completely secure. We cannot guarantee the security of the information you provide to us. In the event of a security breach, we will notify you as required by applicable law.— Excerpt from Equifax's Equifax Privacy Policy
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Given Equifax's 2017 breach affecting 147 million Americans — the largest breach of financial data in U.S. history at the time — the company's use of qualified 'reasonable measures' language rather than specific security commitments is a significant limitation on consumer protection.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Equifax.