Protect the Personally Identifiable Information (PII) of your employees and customers
PII is any information that can identify an individual and possibly lead to identity theft or fraud. All businesses have PII; it comes from customers, employees, and vendors and is usually found in every department. It can be as obvious as a Social Security number or just an email address or phone number.
Protect yourself and your business
Many laws cover the retention and/or destruction of PII, as well as breach and consumer notification protocols. Your responsibility for data protection encompasses all paper records and electronic files containing PII.
New England Document Systems Readiness Pro Edition, powered by CSR, will help your business reduce the risk of a data breach, and in the event of an actual or suspected breach, CSR takes the headache and hassle out of the legal requirements to report the loss or breach of PII to an ever-increasing number of authorities, as well as mandated notification to your customers.
How it works
CSR Readiness® – 3 simple steps
- A self-assessment data privacy questionnaire;
- Generation of remediation instructions, policies and best practices regarding compliance, security, incident response planning and audit; and
- 24/7 access to allow ongoing input and regular monitoring.
Breach Reporting Service™ – 4 simple steps
- Collect all necessary information
- Call the toll-free number
- The CSR Privacy Professional will evaluate the incident using the powerful and patented CSR systems
- CSR completes all necessary reporting and, if needed, works with the user to complete consumer notification
Watch CSR’s Breach Reporting Service and Readiness videos to learn why reporting and notification are mandatory, how the service works, and who the experts are behind it.
Frequently Asked Questions
Readiness Program Technical
Securing Personal Data and Preparing for a Breach are Critical
2) Revise – Implement Readiness Policies and Remediation Instructions. Remediate weaknesses and train employees on system-generated policies and procedures.
3) Revisit – Continually Improve Risk Score. Routinely monitor and audit performance to meet legal, regulatory and other compliance requirements.
A dashboard will show progress and generate tasks to improve compliance. You can improve your business risk scores by remediation and implementation of further program offerings. Upon successful completion of the analysis and remediation, your business will earn a Certificate of Completion and the ID Stay Safe Digital Seal that you can use on your website and advertising.
Your call to the in-house CSR team of privacy professionals initiates a custom evaluation of your incident to determine if authorities and consumers must be notified. CSR files the necessary breach reports on your behalf, and consumer notification can be prepared with your input.
The Department of Homeland Security, the FTC, Visa and the BBB encourage businesses to protect consumer data and plan ahead to reduce risk. All states have laws that protect their residents who might be your customers, employees or vendors. Many laws specifically require creation and maintenance of information security programs. These laws include penalties for noncompliance.
For example, the civil penalty for violating the Connecticut Act No. 08-167, which requires the safeguarding of personal data, is $500 per violation, up to $500,000 for a single event.
Lost trust means lost sales. The fallout of data breaches has caused businesses to close their doors. According to Visa, businesses should “Consider a breach likely and plan accordingly.”
Definitions
Types of personal information include: name, address, phone, email, birthdates, Social Security numbers, driver’s license, bank account and credit card information. The list continues to grow with new and revised legislation and court rulings.
Other personal information includes health information, medical records, Vehicle Identification Numbers, license plate numbers, login credentials and passwords, school records as well as voice recognition files. Fingerprints, retina scans, and handprints are also considered personal information.
Requirements To Protect Data
- Gramm-Leach-Bliley Act (GLBA)
- Fair Credit Reporting Act (FCRA)
- Driver’s Privacy Protection Act (DPPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Health Information Technology for Economic and Clinical Health (HITECH) Act
- Payment Card Industry Data Security Standard (PCI-DSS)
- Family Educational Rights and Privacy Act (FERPA)
- 47 state data breach laws
- Data security laws requiring comprehensive information security programs to safeguard personal information, e.g., Massachusetts’ 201 CMR 17.00
- Federal Trade Commission (FTC)
- Consumer Financial Protection Bureau (CFPB)
- Card brands like Visa, MasterCard, etc.
- State Attorneys General
- Federal Bureau of Investigation (FBI)
- US Secret Service
- Dept. of Health and Human Services/Office of Civil Rights
About CSR
CSR enables compliance with personally identifiable information requirements, while facilitating best practices to reduce the business risk and financial liability associated with the acquisition, handling, storage, sharing and disposal of data.