Because TransUnion is a credit bureau regulated by federal law, certain personal information in your credit file cannot be deleted even if you request it, because the law requires TransUnion to keep it.
This analysis describes what TransUnion's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Federal credit reporting law overrides your general privacy rights for credit report data, meaning your right to delete information from your TransUnion credit file is more limited than your right to delete other types of personal data.
If you submit a deletion request for data in your credit report, TransUnion may retain that data because FCRA compliance takes precedence over state privacy law deletion rights, which means negative credit information may remain on file for up to seven years regardless of your request.
How other platforms handle this
You can visit our consumer portal at my.plaid.com to see the apps that have accessed your financial data through Plaid, disconnect apps, and make requests related to your personal information, including requests to access, correct, or delete your data.
These Additional Terms apply only to the Mistral AI Products available on the Mistral AI Infrastructure and provided to customers located in the European Union that are subject to the EU Data Act (as defined below). These Additional Terms shall take effect on 12 September 2025 (the "Effective Date")...
Managing And Deleting Your Information. You have the right to access, correct, or delete your information in certain circumstances. We store information until it is no longer necessary to provide our Services or until your account is deleted, whichever comes first. You can delete your WhatsApp accou...
Monitoring
TransUnion has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Please note that we are a consumer reporting agency and some of the personal information we maintain about you is regulated by the Fair Credit Reporting Act (FCRA). The FCRA and other applicable laws may limit our ability to delete certain personal information, and your request may be denied in whole or in part if applicable law requires us to retain the information or permits us to retain it.— Excerpt from TransUnion's TransUnion Privacy Policy
REGULATORY LANDSCAPE: The FCRA establishes maximum retention periods for consumer report data, including seven years for most negative information and ten years for bankruptcies. These federal retention requirements preempt state privacy law deletion rights under CCPA and similar statutes to the extent they conflict. The CFPB is the primary enforcement authority for FCRA obligations. The interplay between FCRA retention mandates and CPRA deletion rights is an area of active regulatory and legal interpretation. GOVERNANCE EXPOSURE: High. The carve-out is legally well-founded for FCRA-regulated data, but the boundary between FCRA data and non-FCRA personal data held by TransUnion is not always visible to consumers. If TransUnion applies the FCRA carve-out too broadly to deny deletion requests for non-FCRA data, this could create CCPA enforcement exposure. JURISDICTION FLAGS: California residents retain deletion rights under CPRA for non-FCRA personal data, and the CPPA has authority to investigate overly broad denial of deletion requests. Similar dynamics apply in other comprehensive privacy law states. The carve-out is recognized under CCPA's own FCRA exemption, but regulators may scrutinize how broadly it is applied. CONTRACT AND VENDOR IMPLICATIONS: Organizations that contract with TransUnion as a data source should understand that data retention schedules for credit data are federally mandated and not subject to contractual shortening. Downstream data recipients should not assume they can honor consumer deletion requests for FCRA-sourced data without TransUnion's involvement. COMPLIANCE CONSIDERATIONS: Compliance teams should document the criteria used to classify data as FCRA-regulated versus non-FCRA, and maintain records showing that deletion request denials are grounded in specific FCRA retention requirements rather than blanket application of the carve-out. Consumer-facing communications about deletion rights should clearly explain which data is and is not subject to deletion.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Federal credit reporting law overrides your general privacy rights for credit report data, meaning your right to delete information from your TransUnion credit file is more limited than your right to delete other types of personal data.
If you submit a deletion request for data in your credit report, TransUnion may retain that data because FCRA compliance takes precedence over state privacy law deletion rights, which means negative credit information may remain on file for up to seven years regardless of your request.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by TransUnion.