The policy states that residents of California, Virginia, Colorado, Connecticut, and Texas have rights to access, correct, delete, and opt out of the sale or sharing of personal information, exercisable through Equifax's privacy portal or by telephone.
This analysis describes what Equifax's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the consumer rights infrastructure for multiple U.S. state privacy statutes, including CPRA, VCDPA, CPA, CTDPA, and TDPSA, and specifies the operational channels available to exercise those rights.
Interpretive note: The policy does not detail the specific response timelines or appeal procedures required under each state statute, creating uncertainty about whether the consolidated portal fully satisfies each jurisdiction's operational requirements.
Under this provision, qualifying state residents may submit access, correction, deletion, and opt-out requests through Equifax's online privacy portal at equifax.com/privacy or by calling 1-888-378-4329; the policy notes that FCRA-governed data is subject to a separate dispute process.
How other platforms handle this
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
If you are a California resident, you may have the right to: Know what personal information we collect, use, disclose, sell, or share. Correct inaccurate personal information. Delete your personal information. Opt out of the sale or sharing of your personal information. Limit the use and disclosure ...
Monitoring
Equifax has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Depending on where you live, you may have certain rights with respect to your personal information. These rights may include the right to access, correct, delete, or opt out of the sale or sharing of your personal information. To submit a request, please visit our privacy portal or call us at 1-888-378-4329.— Excerpt from Equifax's Equifax Privacy Policy
1. REGULATORY LANDSCAPE: This provision implicates CPRA (enforced by the California Privacy Protection Agency and California AG), Virginia's VCDPA (enforced by the Virginia AG), Colorado's CPA (enforced by the Colorado AG), Connecticut's CTDPA (enforced by the Connecticut AG), and Texas's TDPSA (enforced by the Texas AG). Each statute has distinct response timelines, appeal rights, and scope of applicable rights; the policy does not detail these differences. 2. GOVERNANCE EXPOSURE: Medium. The consolidation of multi-state rights requests into a single portal is operationally efficient but requires that Equifax's response workflows are differentiated by jurisdiction to comply with varying statutory timelines and right categories. Failure to honor rights requests within statutory deadlines creates direct enforcement exposure with each applicable State AG. 3. JURISDICTION FLAGS: California provides the most comprehensive rights framework including sensitive personal information limits, global privacy control opt-out signal requirements, and appeal rights. Texas's TDPSA is newer and its enforcement posture is still developing. Virginia's VCDPA and Colorado's CPA include appeal rights that the policy does not describe in detail. 4. CONTRACT AND VENDOR IMPLICATIONS: Equifax's data processing agreements with service providers should require that consumer rights requests relayed through vendor channels are forwarded to Equifax's privacy portal within timeframes that allow compliant response under the most restrictive applicable statute. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that Equifax's privacy portal is technically capable of processing and documenting rights requests by jurisdiction, that response timelines are tracked against each applicable statute, and that the appeal process available to consumers in applicable states is documented and operational.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the consumer rights infrastructure for multiple U.S. state privacy statutes, including CPRA, VCDPA, CPA, CTDPA, and TDPSA, and specifies the operational channels available to exercise those rights.
Under this provision, qualifying state residents may submit access, correction, deletion, and opt-out requests through Equifax's online privacy portal at equifax.com/privacy or by calling 1-888-378-4329; the policy notes that FCRA-governed data is subject to a separate dispute process.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Equifax.