CSR Readiness® Pro - Frequently Asked Questions

Readiness Technical Program

To retrieve your password, you need the email address you entered during registration or the updated email address you associated with your account using My Account in Readiness. Click the Forgot Password link on the Log In screen. Enter in your email address and click the Email Link button. A reset password link will be sent to that email address. Click on that link to reset your password. If you do not receive that email or have any problems resetting your password, contact support@csrps.com for further assistance.

How do I go back to some questions I skipped?

I don't know an answer to a question - can I just skip it?

How long will it take to complete this assessment?

What is the ID Stay Safe seal?

This digital seal is a stamp that you can place on your website to inform your customers, affiliates, potential clients, corporate insurers, and others that your organization has performed a thorough self-assessment of its processes to protect personally identifiable information. This indicates that you have policies in place to maintain a high level of vigilance, audit, and association education about protection of personally identifiable information within your organization.

How do I put the completion seal on my website?

Once the self-assessment has been taken and the recommended remediation tasks have been completed, an email will be sent to the associated account's registered email address with the certification seal and instructions for its publication and how to embed it on your web page. If there are any issues regarding the use of the completion seal, contact support@csrps.com for further assistance.

Securing Personal Data and Preparing for a Breach

What is CSR Readiness Pro?

How does the CSR Readiness Program Work?

CSR Readiness 3 Step Process:

1) Review - Take a Self-Assessment Evaluation

Detect all locations of personally identifiable information (PII) in an organization
Determine how PII is:
- Acquired
- Accessed
- Handled
- Transmitted
- Stored
- Destroyed

2) Revise - Implement Readiness Policies and Remediation Instructions

Remediate weaknesses and train employees following system-generated policies and procedures.

3) Revisit - Continually Improve Risk Score

Routinely monitor and audit performance to meet legal, regulatory and other compliance requirements.
A dashboard will show progress and generate tasks to improve compliance. You can improve your business risk scores by remediation and implementation of further program offerings. Upon successful completion of the analysis and remediation, your business will earn a Certificate of Completion and the ID Stay Safe Digital Seal that you can use on your website and advertising.

What does the Certificate of Completion signify?

What does CSR Breach Reporting Service do for me?

In the event of the actual or suspected breach of PII, the CSR Breach Reporting Service reports to authorities and notifies consumers, as required. Your call to the in-house CSR team of privacy professionals initiates a custom evaluation of your incident to determine if authorities and consumers must be notified. CSR files the necessary breach reports on your behalf, and consumer notification can be prepared with your input.

Why do businesses need this Pro?

Many state, federal and international laws require businesses to protect the personally identifiable information (PII) of employees, vendors and customers. Penalties for noncompliance can include fines, prosecution and even jail time. Massachusetts and Connecticut are just two examples of many jurisdictions that require businesses that deal with their residents to maintain comprehensive risk assessment, remediation and monitoring programs related to their handling of legally protected PII.

If organizations don’t have this program, what could happen?

While it's impossible to completely avoid a breach due to uncontrollable circumstances, 97% of breaches could have been prevented. Accidents, errors and theft are just a few ways that information is compromised. Smart devices and wireless services compound the problem. Proactive detection and correction can go a long way to prevent loss and further fallout due to reputational damage, lost sales, fines, lawsuits and prosecution.

The Department of Homeland Security, the FTC, Visa and the BBB encourage businesses to protect consumer data and plan ahead to reduce risk. All states have laws that protect their residents who might be your customers, employees or vendors. Many laws specifically require creation and maintenance of information security programs. These laws include penalties for noncompliance.

For example, the civil penalty for violating the Connecticut Act No. 08-167, which requires the safeguarding of personal data, is $500 per violation, up to $500,000 for a single event. Lost trust means lost sales. The fallout of data breaches has caused businesses to close their doors. According to Visa, businesses should “consider a breach likely and plan accordingly.”

Does Breach Reporting Service only cover items stored with Pure Data Services?

Definitions

What is personally identifiable information or Pll?

The simple answer is that it’s anything that can be used to identify you. The loss of this information leads to identity theft.

Types of personal information include: name, address, phone, email, birth date, Social Security number, driver’s license, bank account and credit card information. The list continues to grow with new and revised legislation and court rulings.

Other personal information includes health information, medical records, vehicle identification numbers, license plate numbers, login credentials and passwords, school records, and even voice recognition files. Fingerprints, retina scans, and handprints are also considered personal information.

What is the difference between PCI and PII?

What is a breach of PII?

What is data breach reporting?

What is consumer notification?

Is this insurance?

What are some examples of a breach?

Requirements to Protect Data

Who do I need to report a breach to?

Does CSR determine whether a breach occurred?

What laws govern PII?

Here are a few examples of the hundreds of laws and regulations that relate to the protection of personally identifiable information (PII) and requirements to report suspected or real loss.

• Gramm-Leach-Bliley Act (GLBA)

• Fair Credit Reporting Act (FCRA)

• Drivers Privacy Protection Act (DPPA)

• Health Insurance Portability and Accountability Act (HIPAA)

• Health Information Technology for Economic Clinical Health (HITECH) Act

• Payment Card Industry Data Security Standard (PCI-DSS)

• Family Educational Rights and Privacy Act (FERPA)

• 50 state data breach laws

• Data security laws requiring comprehensive information security programs to safeguard personal information, i.e. Massachusetts’ 201 CMR 17.00

Who are the enforcement agencies and others who might be involved after a breach?

What if PII shared and/or received from another organization is compromised?

What if PII under my care is encrypted, redacted, or masked?

How can I limit the threat of a data breach?

About CSR

Who is CSR?

CSR Privacy Solutions, Inc. is a leading provider of award-winning data life cycle management and expert services, including the patented, award-winning CSR Breach Reporting Service™, for businesses domestically and around the globe.

CSR enables compliance with PII requirements, while facilitating best practices to reduce business risk and financial liability associated with the acquisition, handling, storage, sharing and disposal of data.

How many companies use this service?

Can you help me with other privacy services?

Can you send me information?