CSR BREACH REPORTING

As part of the information security offerings of ShredPro Secure, we have added the patented, award-winning CSR Breach Reporting Service developed by the Certified Information Privacy Professionals at CSR. This is the only service helping hundreds of thousands of organizations by taking the headache and hassle out of the legal requirements to report the loss or breach of PII to an ever-increasing number of authorities, as well as mandated notification to your customers.

It’s critical that your company takes the right steps to comply with all the rules and regulations for breach reporting and consumer notification, whether the breach is actual or suspected, regardless of the size of your business or how many records may have been compromised.

Federal and state agencies will not be lenient. Non-compliance can result in fines and penalties as well as civil, criminal and class action lawsuits.

In the event of the actual or suspected breach of PII, the CSR Breach Reporting Service reports to authorities and notifies consumers, as required.

Your call to the in-house CSR team of privacy professionals initiates a custom evaluation of your incident to determine if authorities and consumers must be notified. CSR files the necessary breach reports on your behalf, and consumer notification can be prepared with your input.

We are always dedicated to keeping your business's information secure and protected. Watch the video to learn more about CSR Breach Reporting, and read the FAQ below.

Table of Contents

Quick and Complete Reporting is Critical after Data Loss

About the CSR Breach Reporting Service™

Requirements to Protect Data and Breach Reporting

About CSR

Quick and Complete Reporting is Critical After Data Loss

All organizations that have employees, customers or vendors must, by law, comply with requirements to report and notify consumers of the loss, or suspected loss, of personally identifiable information.

Failure to report actual or suspected data loss, whether accidental or criminal, within legally mandated time frames may lead to fines, as well as civil and criminal sanctions. For example, Visa can assess fines of up to $100,000 per breach against businesses that fail to properly report an incident. Lost trust means lost sales. The fallout of data breaches has caused businesses to close their doors. The FTC and Visa recommend that businesses plan ahead to reduce risk.

Liability, including civil and criminal sanctions at both the state and federal levels, rests entirely with you. Penalties for missing just one report to authorities can be $15,000-100,000. New rules continue to take effect, the types of data that must be protected increase, and additional agencies pile on new requirements. Short time frames to meet requirements make the learning curve unrealistic. Trained, certified privacy professionals use a proprietary system to evaluate your circumstances against hundreds of rules and regulations to determine whether reports need to be filed and/or consumers, consumer credit bureaus, and other entities notified.

About the CSR Breach Reporting Service™

CSR’s team of in-house privacy professionals uses a patented, award-winning service to fulfill your mandated requirement to comply with federal, state and other laws to report the loss of personally identifiable information to authorities and notify affected individuals.

It’s a simple process. In the event that personally identifiable information is lost, or suspected to be lost, stolen or compromised:

  1. You call the toll-free number
  2. Privacy expert interviews you
  3. Privacy review panel determines:
    1. If reports need to be filed with authorities
    2. If notification needs to go to consumers and/or others
  4. Reports are filed with authorities
  5. You are notified of reporting and whether consumer notification is required
  6. You provide input for privacy expert to implement consumer notification

In the event you believe you may have lost personal data, call the toll-free number provided in your welcome packet or call ShredPro Secure to retrieve it. Leave it to the privacy professionals to determine whether any reports need to be filed or consumers notified.

The operators are available 24/7 every day of the year for you to call.

To learn more about data protection and breach reporting, go to https://www.shredprosecure.com/csr-breach-reporting/ or call us at 865-986-5444.

No. This is not breach insurance. The Breach Reporting Service™ is not an insurance product. It is a service to provide breach reporting and consumer notification. Insurance provides payment for loss.

Yes. Privacy experts will work with you to notify customers. You can also engage the privacy team for additional services separately. Contact us for further information.

The privacy professionals are not allowed, by law, to relate details to anyone other than the authorities who mandate reporting.

You should still call the toll-free number provided in your welcome packet or call ShredPro Secure to retrieve it.  Leave it to the privacy professionals to determine whether any reports need to be filed or consumers notified.

Requirements to Protect Data and Breach Reporting

The simple answer is it’s anything that can be used to identify you. The loss of this information leads to identity theft. Types of personal information include: name, address, phone, email, birthdates, Social Security numbers, driver’s license, bank account and credit card information and the list continues to grow with new and revised legislation and court rulings. Other personal information includes health information, medical records, Vehicle Identification Numbers, license plate numbers, login credentials and passwords, school records as well as voice recognition files. Fingerprints, retina scans, and handprints are also considered personal information.

PCI data is just one type of personally identifiable information. The PCI Data Security Standard protects credit cardholder data such as debit or credit card number, expiration date and card security code.

The unauthorized access, loss, use or disclosure of information by either accident or criminal intent which can identify an individual.

When a breach occurs the clock starts ticking to comply with federal, state and other laws. Reporting involves the where, when and how of the incident.

Almost every state has enacted a data breach notification statute. These laws generally require businesses that have personal information about residents within a state to notify those residents when that data is compromised.

A breach can occur in many ways, including through lost laptops or smartphones, improper disposal of paper records, or intrusion into your network or PC by hackers. The definition continues to expand.

Over 100 countries, as well as 300 federal, state and local authorities in the U.S. and Canada, require reporting. Reports may also need to be filed with Visa, MasterCard and other non-governmental entities.

Here are a few examples of the hundreds of laws and regulations that relate to the protection of personally identifiable information and requirements to report suspected or real loss.

  • Gramm-Leach-Bliley Act (GLBA)
  • Fair Credit Reporting Act (FCRA)
  • Driver's Privacy Protection Act (DPPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health (HITECH) Act
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • Family Educational Rights and Privacy Act (FERPA)
  • 47 state data breach laws

Enforcement officials include various federal and state agencies as well as attorneys general, commissioners and others. Here are a few examples:

  • Federal Bureau of Investigation (FBI)
  • US Secret Service
  • Federal Trade Commission (FTC)
  • Dept. of Health and Human Services/Office for Civil Rights
  • Card brands like Visa, MasterCard, etc.
  • State Attorneys General

If your business is a third-party provider and has personally identifiable information on customers, employees, or vendors, then you may be required to notify authorities and/or consumers and others that a breach, or suspected breach, has occurred.

About CSR

CSR Professional Services, Inc. is a leading provider of award-winning data life cycle management and expert services for businesses domestically and around the globe. CSR enables compliance with Personally Identifiable Information (PII) requirements while facilitating best practices to reduce the business risk and financial liability associated with the acquisition, handling, storage, sharing and disposal of data.

Hundreds of thousands of businesses have enrolled in this breach reporting service.

These experts have all received and maintain one or more certifications from the International Association of Privacy Professionals. Specialties range from U.S., Canada and Europe to IT, Government and the CIPM designation for Certified Information Privacy Manager.

Other services include personally identifiable information business analysis, remediation, audit, forensic, education, certification, special projects and Stand-In Privacy Officer provision. For further information, email jrice@shredprosecure.com.
