IPS Readiness Pro Edition

Powered by

Protect the Personally Identifiable Information (PII) of your employees and customers

PII is any information that can identify an individual and possibly lead to identity theft or fraud.  All businesses have PII, it comes from customers, employees, and vendors and is usually found in every department.  It can be as obvious as a social security number or just an email address or phone number.

Protect yourself and your business

Many laws cover the retention and/or destruction of PII, breach and consumer notification protocol.  Your responsibility for data protection encompasses all paper records and electronic files containing PII.

IPS Readiness Pro Edition, powered by CSR, will help your business reduce the risk of a data breach, and in the event of an actual or suspected breach, CSR takes the headache and hassle out of the legal requirements to report the loss or breach of PII to an ever-increasing number of authorities, as well as mandated notification to your customers.

Case Studies

How It Works

CSR Readiness® – 3 simple steps

  • A self-assessment data privacy questionnaire;
  • Generation of remediation instructions, policies and best practices regarding compliance, security, incident response planning and audit; and
  • 24/7 access to allow ongoing input and regular monitoring.

Breach Reporting Service™ – 4 simple steps

  • Collect all necessary information
  • Call the toll-free number
  • The CSR Privacy Professional will evaluate the incident using the powerful and patented CSR systems
  • CSR completes all necessary reporting and, if needed, works with the user to complete consumer notification

Watch CSR’s Breach Reporting Service and Readiness videos to learn why reporting and notification is mandatory, how the service works, and who the experts are behind it.

Frequently Asked Questions

DEFINITIONS

The simple answer is that it’s anything that can be used to identify you. The loss of this information leads to identity theft.

Types of personal information include: name, address, phone, email, birthdates, Social Security numbers, driver’s license, bank account and credit card information.  The list continues to grow with new and revised legislation and court rulings.

Other personal information includes health information, medical records, Vehicle Identification Numbers, license plate numbers, login credentials and passwords, school records as well as voice recognition files. Fingerprints, retina scans, and handprints are also considered personal information.

PCI data is just one type of personally identifiable information. The PCI Data Security Standard protects credit cardholder data such as debit or credit card number, expiration date and card security code.
The unauthorized access, loss, use or disclosure of information by either accident or criminal intent which can identify an individual.
When a breach occurs, the clock starts ticking to comply with federal, state and other laws.  Reporting involves the where, when and how of the incident.
Almost every state has enacted a data breach notification statute.  These laws generally require businesses that have personal information about residents within a state to notify those residents when that data is compromised.
No.   The CSR Breach Reporting Service reports to authorities and notifies consumers, as required in the event of the actual or suspected breach of PII.
A breach can occur in many ways, including through lost laptops or smart phones, loss or improper disposal of paper records, intrusion into your network or PC by hackers and theft.  The definition continues to expand.

Securing Personal Data and Preparing for a Breach are Critical

The Readiness Pro Edition comprises the patent-pending risk assessment program CSR Readiness® and the award winning CSR Breach Reporting Service™.
CSR Readiness® Program is an online self-assessment tool that helps you review, revise and revisit your business processes for handling the personally identifiable information (PII) of your customers, employees and vendors as required by a host of legislation and regulations.

CSR Readiness® 3 Step Process:

  1. Review – Take a Self-Assessment Evaluation
    • Detect location of personally identifiable information (PII) in an organization
    • Determine how PII is:
      • Acquired
      • Accessed
      • Handled
      • Transmitted
      • Stored
      • Destroyed
  2. Revise – Implement Readiness Policies and Remediation Instructions
    • Remediate weaknesses and train employees on system-generated policies and procedures
  3. Revisit – Continually Improve Risk Score
    • Routinely monitor and audit performance to meet legal, regulatory and other compliance requirements

A dashboard will show progress and generate tasks to improve compliance.  You can improve your business risk scores by remediation and implementation of further program offerings.  Upon successful completion of the analysis and remediation, your business will earn a Certificate of Completion and the ID Stay Safe Digital Seal that you can use on your website and advertising.

Once you have completed in the self-assessment evaluation and implemented the remediation tasks, you will be awarded the Certificate of Completion.  This can be placed on your website and is valid for one year from date of issue.  By annually revisiting your self-assessment, you can maintain this Certificate of Completion.
In the event of the actual or suspected breach of PII, the CSR Breach Reporting Service reports to authorities and notifies consumers, as required.

Your call to the in-house CSR team of privacy professionals initiates a custom evaluation of your incident to determine if authorities and consumers must be notified.  CSR files the necessary breach reports on your behalf, and consumer notification can be prepared with your input.

Various state, federal and international laws require businesses to protect the personally identifiable information of employees, vendors and customers. Penalties for noncompliance can include fines, prosecution and even jail time.  Massachusetts and Connecticut are just two examples of many jurisdictions that require businesses that deal with their residents maintain comprehensive risk assessment, remediation and monitoring programs related to their handling of legally protected personal information, known as PII.
While it’s impossible to completely avoid a breach due to uncontrollable circumstances, 97% could have been prevented.  Accidents, errors and theft are just a few ways that information is compromised. Smart devices and wireless services compound the problem.  Proactive detection and correction can go a long way to prevent loss and further fallout due to reputational damage, lost sales, fines, lawsuits and prosecution.

The Department of Homeland Security, the FTC, Visa and the BBB encourage businesses to protect consumer data and plan ahead to reduce risk.  All states have laws that protect their residents who might be your customers, employees or vendors.  Many laws specifically require creation and maintenance of information security programs.  These laws include penalties for noncompliance.

For example, the civil penalty for violating the Connecticut Act No. 08-167, which requires the safeguarding of personal data, is $500 per violation, up to $500,000 for a single event.

Lost trust means lost sales. The fallout of data breaches has caused businesses to close their doors. According to Visa, businesses should “Consider a breach likely and plan accordingly.”

No, the Breach Reporting Service covers the location contracted with IPS and handles reporting and notification as needed for the breach of ALL PII data your business may have, whether it is stored in your office, an employee takes a file home, or your business laptop is stolen while you are away on vacation.

REQUIREMENTS TO PROTECT DATA