Advanced Data Storage has partnered with uRISQ, which offers a comprehensive approach to data security, ensuring that your business is well-protected against potential threats.
Securing Personal Data and Preparing for a Breach
What is uRISQ?
The uRISQ platform consists of a growing set of modules that help organizations meet their regulatory compliance requirements: Training, the Policy Center, vulnerability scanning, and the award-winning, patented Breach Support Service™.
How does the uRISQ Program work?
uRISQ is a data privacy management platform designed to help you review, revise and revisit your business processes for handling the personal information (PI) of your customers, employees and vendors, as required by a host of legislation and regulations.
uRISQ Policy Center
Implement uRISQ Policies and Remediation Instructions
- Remediate weaknesses and train employees following system-generated policies and procedures
- Implement policies and Best Practices provided through the uRISQ portal
Revisit – Continually Improve Your Privacy Program
- Routinely monitor and audit performance to meet legal, regulatory and other compliance requirements
What does uRISQ Breach Support do for me?
In the event of the actual or suspected breach of PI, the uRISQ Breach Support Service provides your business the needed reports to file with authorities and consumers, as required.
Submitting your breach form to the in-house CSR team of privacy professionals initiates a custom evaluation of your incident to determine if authorities and consumers must be notified. CSR provides your business the recommended files necessary to report the breach, and consumer notification can be prepared with your input.
Why do businesses need uRISQ?
Over 300 state, federal and international laws require businesses to protect the personal information (PI) of employees, vendors and customers. Penalties for noncompliance can include fines, prosecution and even jail time. Massachusetts and Connecticut are just two examples of many jurisdictions that require businesses that deal with their residents to maintain comprehensive risk assessment, remediation and monitoring programs related to their handling of legally protected PI.
If organizations don’t have this program, what could happen?
While it is impossible to completely avoid a breach due to uncontrollable circumstances, 97% of breaches could have been prevented. Accidents, errors, and theft are just a few ways that information is compromised. Smart devices and wireless services compound the problem. Proactive detection and correction can go a long way to prevent loss and further fallout due to reputational damage, lost sales, fines, lawsuits, and prosecution.
The Department of Homeland Security, the FTC, Visa, and the BBB encourage businesses to protect consumer data and plan ahead to reduce risk. All states have laws that protect their residents who might be your customers, employees, or vendors. Many laws specifically require creation and maintenance of information security programs. These laws include penalties for noncompliance.
For example, the civil penalty for violating the Connecticut Act No. 08-167, which requires the safeguarding of personal data, is $500 per violation, up to $500,000 for a single event. Lost trust means lost sales. The fallout of data breaches has caused businesses to close their doors. According to Visa, businesses should “consider a breach likely and plan accordingly.”
Does Breach Support only cover items stored with Advanced Data Storage?
No, Breach Support covers the location contracted with Advanced Data Storage and provides recommended reporting and notification as needed for the breach of all PI data your business may have, whether it is stored in your office, in files that an employee takes home, or on a business laptop that is stolen while you are away on vacation.
Keep your data secure and contact us today for a quote!
Definitions
What is Personal Information or PI?
The simple answer is that it is anything that can be used to identify you. The loss of this information leads to identity theft.
Types of personal information include: name, address, phone, email, birth date, Social Security number, driver’s license, bank account and credit card information. The list continues to grow with new and revised legislation and court rulings.
Other personal information includes health information, medical records, vehicle identification numbers, license plate numbers, login credentials and passwords, school records, and even voice recognition files. Fingerprints, retina scans, and handprints are also considered personal information.
What is the difference between PCI and PI?
PCI data is just one type of personally identifiable information. The PCI Data Security Standard protects credit cardholder data such as debit or credit card number, expiration date and card security code.
What is a breach of PI?
The unauthorized access, loss, use or disclosure of information by either accident or criminal intent which can identify an individual is a breach of PI.
What is Data Breach Support?
When a breach occurs, the clock starts ticking to comply with federal, state, and other laws. Reporting involves the where, when, and how of the incident.
Available 24 hours a day, the global support team at CSR provides a dedicated Certified Information Privacy Professional (CIPP) to analyze and assess a breach event on an individual, customized basis. The privacy professional will advise you of your reporting and notification requirements, from both a regulatory and consumer notification perspective. When necessary, you will receive instructions and templates to complete any required reporting.
For the upgraded version of Data Breach Support, a CSR CIPP will file all governmental and agency mandated reports on your behalf.
What is consumer notification?
Almost every state has enacted a data breach and consumer notification statute. These laws generally require businesses that have personal information about residents within a state to notify those residents when that data is compromised.
Is this insurance?
No. uRISQ Data Breach Support provides your business with the recommended reports for authorities and consumers, as required by law. This can help your business reduce liability, but the service is not insurance to cover loss or legal costs.
What are some examples of a breach?
A breach can occur in many ways, including through lost laptops or smart phones, loss or improper disposal of paper records, intrusion into your network or PC by hackers, and theft. The definition continues to expand.
Requirements to Protect Data
Who do I need to report a breach to?
There are many factors involved when determining who to report a breach to, including where your business is located, what kind of PI was involved in the breach, and the location of the individuals whose PI may have been compromised. Breach reporting is based on the location of your customer, not your business. Over 100 countries have data protection laws, as well as 300+ federal, state, provincial and local authorities in the U.S. and Canada.
Does CSR determine whether a breach occurred?
No. Based upon the interview with you, the Privacy Professionals determine whether reporting to authorities or notification to consumers is necessary. If reporting is required, the Privacy Professionals at CSR will provide instructions and templates to complete any necessary reporting. If consumer notification is necessary, CSR will work with you to complete it.
What laws govern PI?
Here are a few examples of the hundreds of laws and regulations that relate to the protection of personal information (PI) and requirements to report suspected or real loss.
- Gramm-Leach-Bliley Act (GLBA)
- Fair Credit Reporting Act (FCRA)
- Drivers Privacy Protection Act (DPPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Health Information Technology for Economic Clinical Health (HITECH) Act
- Payment Card Industry Data Security Standard (PCI-DSS)
- Family Educational Rights and Privacy Act (FERPA)
- 50 US State data breach laws and 14 US State comprehensive privacy laws
- Data security laws requiring comprehensive information security programs to safeguard personal information, e.g. Massachusetts’ 201 CMR 17.00
Who are the enforcement agencies and others who might be involved after a breach?
Enforcement officials include various federal and state agencies as well as attorneys general, commissioners and others. Here are a few examples:
- Federal Trade Commission (FTC)
- Consumer Financial Protection Bureau (CFPB)
- Card brands like Visa and MasterCard
- State Attorneys General
- Federal Bureau of Investigation (FBI)
- US Secret Service
- Dept. of Health and Human Services/Office of Civil Rights
What if PI shared and/or received from another organization is compromised?
If your business is a third-party provider with PI of customers, employees, or vendors of another business, then, depending upon circumstances, you may be required to report a breach of that data.
What if PI under my care is encrypted, redacted, or masked?
Even if the material is encrypted, redacted or masked, various regulations still require its protection. For example, encryption keys must be secured.
How can I limit the threat of a data breach?
Almost everyone can do more to protect PI. CSR uRISQ helps you assess your risk in handling PI, remediate your processes, implement policies, train staff and continue to monitor and audit, as required by laws and regulations.
About CSR
Who is CSR?
CSR Privacy Solutions, Inc. is a leading provider of award-winning data life cycle management and expert services, including the patented, award-winning CSR Data Breach Support, for businesses domestically and around the globe.
CSR enables compliance with PI requirements, while facilitating best practices to reduce business risk and financial liability associated with the acquisition, handling, storage, sharing and disposal of data.
How many companies use this service?
Hundreds of thousands of businesses have enrolled in CSR privacy management and breach services.