Consumer Information Privacy Policy

WORKFLOW, LLC is a consumer reporting agency. It is required by the Fair Credit Reporting Act, 15 U.S.C. §1681 et seq. (“FCRA”) to maintain the confidentiality of all consumer information.

WORKFLOW, LLC obtains information on an individual consumer only upon the request of a user who has a permissible purpose under the FCRA to request information on that consumer in order to provide consumer reports. The FCRA requires a user for employment purposes to certify to us that it has a permissible purpose for the report and has obtained the written consent of the consumer to request information before we can supply the requested information¹. The user must submit to reasonable audits by us to confirm that it is, in fact, obtaining such consents. All users must certify that they have a permissible purpose to request a report such as credit, insurance, and renting an apartment. Our customers agree to keep information confidential and secure.

WORKFLOW, LLC does not maintain a database of consumer information.

We do not send consumer information outside of the United States or its territories for any purpose other than to deliver a report to an end user. Of course, if information is sought from outside of the United States, the information is gathered in that country and then transmitted to us here in the United States where it is treated as any other consumer information.

Any information gathered on any consumer may only be provided to the user authorized by the consumer or permitted by the FCRA or similar state law to receive the information. We cannot and do not share, sell or distribute consumer information with or to any third party other than the requesting party thereof. Any consumer, upon proper identification, has the right under the FCRA to request us to furnish to the consumer any and all information we may have on that consumer. The consumer has the right to dispute the accuracy or completeness of any information contained in the consumer’s file.

However, we may be required, upon receipt of a court order to release the information in civil litigation, or as otherwise required by law, to disclose information regarding a consumer to law enforcement agencies.

---

1. There is an exception for employer investigations of suspected employee misconduct or for compliance with law or employer policies, e.g., sexual harassment investigations.

---

Information Security Policy

WORKFLOW, LLC has developed and maintains policies and procedures to ensure information security over five broad areas within our environment:

• Confidentiality
• Physical Security
• Electronic Security
• Communication Security
• Portable Electronic Storage Devices

The following is an overview of our information security principles and areas of emphasis. Each of the following broad areas has multiple, detailed procedures for ensuring the information security.

Information Policy Fundamentals:

• Confidentiality

  Access to confidential consumer information is limited to those who have a legitimate need to know the information. Those with a legitimate need to have consumer information are Vendors, Clients, Employees, and Consumers.

  Vendors, Clients, and Employees are vetted, only provided/granted access/information necessary to their legitimate needs and then contractually bound to keep all information confidential. Consumers are vetted before information is disclosed.

  Employees are prohibited from “browsing” files or databases without a business justification and the prohibition is contractually bound.

  We maintain records on each request for information and identify each user who requested information on a consumer.

  Destruction of consumer information follows the Federal Trade Commission’s requirements that the information be unreadable upon disposal.

• Physical Security

  Access to our computer terminals, file cabinets, fax machines, trash bins, desktops, etc. are secure from unauthorized access. Our offices are securely locked and monitored by an alarm system. Authorized visitors to our facility are checked in and monitored.

• Electronic Security

  We maintain a secure network to safeguard consumer information from internal and external threat. Our backup data is maintained in an encrypted form. Access by users over the internet requires a confidential username and strong password.

• Communication Security

  All Consumer Information transmitted using our computer network, including email, is secured using a minimum of 128-bit SSL encryption. No Consumer Information is sent over the internet that is not encrypted or secured with a minimum of 128-bit SSL encryption. This includes the body of emails or attachments. Access by users over the internet requires a confidential username and strong password.

  Other means of communication i.e., fax and mail have specialized procedures to ensure communication security.

• Portable Electronic Storage Devices

  The storage of any consumer information outside the premises on any portable electronic storage device or media is prohibited and contractually agreed to by employees with the exception of secure transport of backup materials to approved, vetted storage facility.