1. What is CSR Readiness® Pro Edition?

The Readiness Pro Edition comprises the patent-pending risk assessment program CSR Readiness® and the award-winning CSR Breach Reporting Service™.

2. Why do businesses need this Pro Edition?

Various state, federal and international laws require businesses to protect the personally identifiable information of employees, vendors and customers. Penalties for noncompliance can include fines, prosecution and even jail time. Massachusetts and Connecticut are just two examples of many jurisdictions that require businesses that deal with their residents maintain comprehensive risk assessment, remediation and monitoring programs related to their handling of legally protected personal information, known as PII.

3. How does the CSR Readiness® Program work?

CSR Readiness® Program is an online self-assessment tool that helps you review, revise and revisit your business processes for handling the personally identifiable information (PII) of your customers, employees and vendors as required by a host of legislation and regulations.

4. What does CSR Breach Reporting Service do for me?

In the event of the actual or suspected breach of PII, the CSR Breach Reporting Service reports to authorities and notifies consumers, as required.

Your call to the in-house CSR team of privacy professionals initiates a custom evaluation of your incident to determine if authorities and consumers must be notified. CSR files the necessary breach reports on your behalf, and consumer notification can be prepared with your input.

5. Does the Breach Reporting Service ONLY cover items stored within Lincoln Archives?

No, the Breach Reporting Service covers the location contracted with Lincoln Archives and handles reporting and notification as needed for the breach of ALL PII data your business may have, whether it is stored in your office, an employee takes a file home, or your business laptop is stolen while you are away on vacation.

6. What is personally identifiable information or PII?

The simple answer is that it’s anything that can be used to identify you. The loss of this information leads to identity theft.

Types of personal information include: name, address, phone, email, birthdates, Social Security numbers, driver’s license, bank account and credit card information. The list continues to grow with new and revised legislation and court rulings.

Other personal information includes health information, medical records, Vehicle Identification Numbers, license plate numbers, login credentials and passwords, school records as well as voice recognition files. Fingerprints, retina scans, and handprints are also considered personal information.

7. What is a breach of personally identifiable information and what is data breach reporting?

The unauthorized access, loss, use or disclosure of information by either accident or criminal intent which can identify an individual. When a breach occurs, the clock starts ticking to comply with federal, state and other laws. Reporting involves the where, when and how of the incident.

8. What laws govern personally identifiable information?

Here are a few examples of the hundreds of laws and regulations that relate to the protection of personally identifiable information (PII) and requirements to report suspected or real loss.

• 47 state data breach laws
• Gramm-Leach-Bliley Act (GLBA)
• Fair Credit Reporting Act (FCRA)
• Drivers Privacy Protection Act (DPPA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Health Information Technology for Economic Clinical Health (HITECH) Act
• Payment Card Industry Data Security Standard (PCI-DSS)
• Family Educational Rights and Privacy Act (FERPA)
• Data security laws requiring comprehensive information security programs to safeguard personal information, i.e. Massachusetts’ 201 CMR 17.00

9. Is this Insurance?

No. The CSR Breach Reporting Service reports to authorities and notifies consumers, as required In the event of the actual or suspected breach of PII.

10. Who is CSR?

CSR Professional Services, Inc. is a leading provider of award-winning data life cycle management and expert services for businesses domestically and around the globe, including the patented, award-winning CSR Breach Reporting Service™.