CSR Readiness FAQ

CSR Readiness Program: Technical

To begin, go to our CSR Readiness page to register and create credentials to begin the process. You will have 24/7 access to your account.

Your user name is the email address you registered with when signing up for Readiness. If you change your original registration email address using My Account in Readiness, this updated email address becomes your ‘user name’.

To retrieve your password, you need the email address you entered during registration or the updated email address you associated with your account using My Account in Readiness. Click the Forgot Password link on the Log In screen. Enter your email address and click the Email Link button. A reset password link will be sent to that email address. Click on that link to reset your password. If you do not receive that email or have any problems resetting your password, contact support@csrps.com for further assistance.

To navigate back to questions you skipped, use the Next and/or Back buttons located at the bottom of your questionnaire. You can also click the Show Progress tab and click directly onto the domain of the question you would like to go back to. Before submitting your questionnaire, you will also be prompted to complete any required questions that have not been answered.

You can skip questions and come back to them later. You will want to ensure all questions are answered prior to submitting your questionnaire, as not answering a question will affect your score and the suggested remediation tasks and associated policy and procedure offerings the system generates for you.

It will take about one hour to complete the assessment. The entire evaluation and remediation process may take longer should consultation or research be required to answer some of the questions. Progress within the assessment is saved as questions are answered. You can leave the assessment and come back to it at a later time to finish. Your answers up to that point will be saved.

This digital seal is a stamp that you can place on your website to inform your customers, affiliates, potential clients, corporate insurers, and others that your organization has performed a thorough self-assessment of your processes to protect personally identifiable information. This indicates that you have policies in place to maintain a high level of vigilance, audit, and association education about protection of personally identifiable information within your organization.

Once the self-assessment has been taken and the recommended remediation tasks have been completed, an email will be sent to the associated account’s registered email address with the certification seal and instructions for its publication and how to embed it on your web page. If there are any issues regarding using the completion seal, contact support@csrps.com for further assistance.

CSR Readiness 3-Step Process

Detect all locations of personally identifiable information (PII) in an organization.

Determine how PII is:

  • Acquired
  • Accessed
  • Handled
  • Transmitted
  • Stored
  • Destroyed

Remediate weaknesses and train employees by following system-generated policies and procedures.

Routinely monitor and audit performance to meet legal, regulatory and other compliance requirements.

A dashboard will show progress and generate tasks to improve compliance. You can improve your business risk scores by remediation and implementation of further program offerings. Upon successful completion of the analysis and remediation, your business will earn a Certificate of Completion and the ID Stay Safe Digital Seal that you can use on your website and advertising.

Need to contact the CSR Breach Reporting Service? Call 1-888-301-6449

Securing Personal Data and Preparing for a Breach

The Readiness Pro comprises the patent-pending risk assessment program CSR Readiness and the award-winning CSR Breach Reporting Service™.

CSR Readiness Program is an online self-assessment tool that helps you review, revise and revisit your
business processes for handling the personally identifiable information (PII) of your customers,
employees and vendors, as required by a host of legislation and regulations.

Once you have completed the self-assessment evaluation and implemented the remediation tasks, you
will be awarded the Certificate of Completion. This can be placed on your website and is valid for one
year from date of issue. By annually revisiting your self-assessment, you can maintain this Certificate of
Completion.

In the event of the actual or suspected breach of PII, the CSR Breach Reporting Service reports to
authorities and notifies consumers, as required.
Your call to the in-house CSR team of privacy professionals initiates a custom evaluation of your incident
to determine if authorities and consumers must be notified. CSR files the necessary breach reports on
your behalf, and consumer notification can be prepared with your input.

Many state, federal and international laws require businesses to protect the personally identifiable
information (PII) of employees, vendors and customers. Penalties for noncompliance can include fines,
prosecution and even jail time. Massachusetts and Connecticut are just two examples of many
jurisdictions that require businesses that deal with their residents to maintain comprehensive risk
assessment, remediation and monitoring programs related to their handling of legally protected PII.

While it’s impossible to completely avoid a breach due to uncontrollable circumstances, 97% of
breaches could have been prevented. Accidents, errors and theft are just a few ways that information is
compromised. Smart devices and wireless services compound the problem. Proactive detection and
correction can go a long way to prevent loss and further fallout due to reputational damage, lost sales,
fines, lawsuits and prosecution.

The Department of Homeland Security, the FTC, Visa and the BBB encourage businesses to protect
consumer data and plan ahead to reduce risk. All states have laws that protect their residents who
might be your customers, employees or vendors. Many laws specifically require creation and
maintenance of information security programs. These laws include penalties for noncompliance.

For example, the civil penalty for violating the Connecticut Act No. 08-167, which requires the
safeguarding of personal data, is $500 per violation, up to $500,000 for a single event.
Lost trust means lost sales. The fallout of data breaches has caused businesses to close their doors.
According to Visa, businesses should “consider a breach likely and plan accordingly.”

No, the Breach Reporting Service covers the location contracted with ATI Secure Docs and handles
reporting and notification as needed for the breach of all PII data your business may have, whether it is
stored in your office, in a file an employee takes home, or on a business laptop that is stolen while you are
away on vacation.

Definitions

The simple answer is that it’s anything that can be used to identify you. The loss of this information
leads to identity theft.

Types of personal information include: name, address, phone, email, birth date, Social Security number,
driver’s license, bank account and credit card information. The list continues to grow with new and
revised legislation and court rulings.

Other personal information includes health information, medical records, vehicle identification
numbers, license plate numbers, login credentials and passwords, school records, and even voice
recognition files. Fingerprints, retina scans, and handprints are also considered personal information.

PCI data is just one type of personally identifiable information. The PCI Data Security Standard protects
credit cardholder data such as debit or credit card number, expiration date and card security code.

The unauthorized access, loss, use or disclosure of information by either accident or criminal intent
which can identify an individual is a breach of PII.

When a breach occurs, the clock starts ticking to comply with federal, state and other laws. Reporting
involves the where, when and how of the incident.

Almost every state has enacted a data breach notification statute. These laws generally require
businesses that have personal information about residents within a state to notify those residents when
that data is compromised.

No. The CSR Breach Reporting Service reports to authorities and notifies consumers, as required in the
event of the actual or suspected breach of PII, and this can reduce your liability; but the service is not
insurance to cover loss or legal costs.

A breach can occur in many ways, including through lost laptops or smart phones, loss or improper
disposal of paper records, intrusion into your network or PC by hackers, and theft. The definition
continues to expand.

Requirements to Protect Data

Who you need to report to in the event of a particular breach depends on many factors, including where
you are located, what kind of PII was involved in the breach, and the location of the individuals whose
PII may have been compromised. Over 100 countries have data protection laws, as well as 300+ federal,
state, provincial and local authorities in the U.S. and Canada.

If you are reporting to the CSR Breach Reporting Service, please call the toll-free number 888-301-6449.

No. Based upon our interview with you, our Privacy Professionals determine whether reporting to
authorities or notification to consumers is necessary. If reporting is required, our Privacy Professionals
will do so on your behalf. If consumer notification is necessary, we will work with you to do so.

Here are a few examples of the hundreds of laws and regulations that relate to the protection of
personally identifiable information (PII) and requirements to report suspected or real loss.

  • Gramm-Leach-Bliley Act (GLBA)
  • Fair Credit Reporting Act (FCRA)
  • Drivers Privacy Protection Act (DPPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic Clinical Health (HITECH) Act
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • Family Educational Rights and Privacy Act (FERPA)
  • 50 state data breach laws
  • Data security laws requiring comprehensive information security programs to safeguard
    personal information, i.e. Massachusetts’ 201 CMR 17.00

Enforcement officials include various federal and state agencies as well as attorneys general,
commissioners and others. Here are a few examples:

  • Federal Trade Commission (FTC)
  • Consumer Financial Protection Bureau (CFPB)
  • Card brands like Visa and MasterCard
  • State Attorneys General
  • Federal Bureau of Investigation (FBI)
  • US Secret Service
  • Dept. of Health and Human Services/Office of Civil Rights

If your business is a third-party provider with PII of customers, employees, or vendors of another
business, then, depending upon circumstances, you very likely are required to protect a breach of that
data.

Even if the material is encrypted, redacted or masked, various regulations still require its protection. For
example, encryption keys must be secured.

Almost everyone can do more to protect PII. CSR Readiness helps you assess your risk in handling PII,
remediate your processes, implement policies, train staff and continue to monitor and audit, as required
by laws and regulations.

About CSR

CSR Privacy Solutions, Inc. is a leading provider of award-winning data life cycle management and expert
services, including the patented, award-winning CSR Breach Reporting Service™, for businesses
domestically and around the globe.

CSR enables compliance with PII requirements, while facilitating best practices to reduce business risk
and financial liability associated with the acquisition, handling, storage, sharing and disposal of data.

Hundreds of thousands of businesses have enrolled in CSR data management and breach services.

Other services include PII business analysis, remediation, audit, forensic, education, certification, special
projects and Stand-In Privacy Officer provision. For further information, email contact@austintask.com.

Go to austintask.com to read more about protecting personal information.
