BUSINESS SERVICES: BREACH REPORTING SERVICES
Provided by CSR
The loss of personally identifiable information (PII) is on the rise as technology, like laptops and USB drives, becomes more portable. While DataSafe protects records sent offsite, there are many other forms of PII that are not sent offsite and are vulnerable to a breach.
DataSafe is partnering with CSR, an industry leader in risk management, to help businesses respond quickly to a data breach. The CSR Breach Reporting Service™ ensures your company complies with legal requirements to report a loss or breach of PII within your company to an ever-increasing number of authorities, your consumers, and other affected individuals. There may be as many as 300 authorities in the U.S. and Canada involved. Many require reports immediately or within 24-72 hours after an incident.
Once enrolled, in the event of an actual or suspected loss, breach or compromise of PII within your company, a member of the CSRPS team of privacy professionals initiates the evaluation of the incident to determine and inform you if authorities and consumers must be notified. Reports are filed with authorities in a timely fashion as stipulated by law and consumer notification can be prepared with your input.
For more information on Breach Reporting Services, please Request a Quote or call 800-275-SAFE.
Frequently Asked Questions
QUICK AND COMPLETE REPORTING IS CRITICAL AFTER DATA LOSS
Why do businesses need this service?
If organizations don't have this service, what could happen?
For example, Visa can assess fines of up to $100,000 per breach against businesses that fail to properly report an incident. Lost trust means lost sales. The fallout of data breaches has caused businesses to close their doors. The FTC and Visa recommend that businesses plan ahead to reduce risk.
Why companies shouldn't try to do this themselves
New rules continue to take effect, types of data that must be protected increase, and additional agencies pile on new requirements. Short time frames to meet requirements make the learning curve unrealistic.
Trained, certified privacy professionals use a proprietary system to evaluate your circumstances against hundreds of rules and regulations to determine whether reports need to be filed and/or consumers, consumer credit bureaus, and other entities notified.
REQUIREMENTS TO PROTECT DATA AND BREACH REPORTING
What is personally identifiable information?
Types of personal information include: name, address, phone, email, birth dates, Social Security numbers, driver's license, bank account and credit card information and the list continues to grow with new and revised legislation and court rulings.
Other personal information includes health information, medical records, Vehicle Identification Numbers, license plate numbers, login credentials and passwords, school records as well as voice recognition files. Fingerprints, retina scans, and handprints are also considered personal information.
What is the difference between PCI and personal information?
What is a breach of personally identifiable information?
What is data breach reporting?
What is consumer notification?
What are some examples of a breach?
Who do you need to report a breach to?
What laws govern personally identifiable information?
- Gramm-Leach-Bliley Act (GLBA)
- Fair Credit Reporting Act (FCRA)
- Driver's Privacy Protection Act (DPPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Health Information Technology for Economic and Clinical Health (HITECH) Act
- Payment Card Industry Data Security Standard (PCI-DSS)
- Family Educational Rights and Privacy Act (FERPA)
- 47 state data breach laws
Who are the enforcement agencies and others who might be involved after a breach?
- Federal Bureau of Investigation (FBI)
- US Secret Service
- Federal Trade Commission (FTC)
- Dept. of Health and Human Services/Office for Civil Rights
- Card brands like Visa, MasterCard, etc.
- State Attorneys General
What if personally identifiable information under my care is encrypted, redacted, or masked?
ABOUT CSR
Who is CSR?
How many companies use this service?
What qualifications do these "experts" have to collect this information and file reports?