2019 Corporate Responsibility Report

Privacy and
Data Security

The threat of customers’ data being stolen is constant and growing. We consider it our responsibility to help customers manage these risks, and we offer a range of products and services to ensure customers’ data security.

Protection Products

Identity Theft Protection

In 2018-19, we introduced affordable, comprehensive identity theft protection that includes the monitoring of thousands of data sources every day, dedicated resolution specialists, and up to $1 million in identity theft insurance. The protection is affordable, making it accessible to customers at any income level. Our identity protection product works hard, offering benefits such as:

  • Credit balance, limit, and utilization alerts.
  • Identity verification alerts.
  • Monitoring for kids’ spending.
  • Monthly three-bureau credit activity summaries.

We also offer a free service that monitors risky websites and alerts Discover cardmembers if their social security number is found. In addition, Discover will alert cardmembers if any new credit cards, mortgages, car loans, or other accounts are opened on their Experian® credit report. These new alerts are aimed at helping Discover cardmembers protect themselves from identity theft or fraud.

discover Freeze It®

If customers are concerned that they misplaced their card, Discover Freeze it® allows them to freeze their accounts in seconds from the Discover mobile app or online. The service acts like an on/off switch. While cards are frozen, purchases, cash advances, and balance transfers will be stopped.

Cybersecurity

The nature of our business requires that we handle confidential information not available to the general public. This includes customer and employee information, as well as proprietary business information. It is imperative that this information is secure and stored safely to mitigate security threats, including those due to human factors. Discover promotes and requires companywide awareness of and adherence to information security policies, standards, and safe business practices in an effort to avoid damage to customers, business partners, and our organization, any of which could lead to devastating consequences.

Privacy

Privacy primarily focuses on the appropriate collection, use, storage, retention, and disposal of personal information, including personal information of employees and nonpublic personal information (NPI) of customers. Discover employees who compromise confidential information are at risk of legal penalties and disciplinary action, up to and including termination of employment. Discover employees are required to complete annual training on data security. Discover’s chief information security officer also regularly reports on data security measures to both the audit and risk oversight committees within the board of directors.

In addition to the California Consumer Privacy Act and General Data Protection Regulation as applicable, key regulations that Discover policies abide by include the Gramm-Leach-Bliley Act (GLBA) and Regulation, and the Sarbanes-Oxley Act (SOX). We have developed programs to comply with privacy laws and provide our consumers with transparency and control of their information.

In early 2020, Discover held a cross-functional panel discussion titled Guardians of the Data to address how we responsibly collect, use, and protect sensitive personal data. The panel addressed key topics, including what constitutes sensitive data, when Discover can collect and use sensitive data, and how Discover retains and protects sensitive data.