CSR Breach Reporting Service

CSR Breach Reporting Service™

Is your business prepared to handle the mandated regulatory requirements related to a data breach? The stakes are high.

Fulfill your legal requirements, protect your reputation, and avoid fines with a comprehensive data breach reporting and consumer notification service.


CSR Awards: Breach Reporting ServiceYour company possesses a great deal of personally identifiable information (PII) about your customers, employees, and vendors. Information like dates of birth, financial information, and Social Security numbers are considered PII. If a data breach occurs, you need to be adequately prepared to deal with the incident. You have a legal responsibility to report the breach.

Responding to a data breach can be complicated - if you do not have an expert at your side. With CSR's Breach Reporting Service, you simply call an IAPP-certified expert at CSR if you have a suspected breach. They will assess the situation using a rigorous process and extensive experience to determine if reporting is required.

CSR handles all of the required regulatory reporting to state and federal agencies. We analyze the reporting needs of 300+ regulatory bodies and 105 sovereign nations. If customer notification is required, CSR will guide you through this delicate process.

CSR’s Breach Reporting Service™ acts quickly to remove fear, confusion, and panic from a difficult situation. Your business will save money, protect its reputation, and minimize lost productivity. And you’ll know your company is in good hands thanks to CSR’s extensive knowledge and years of experience in data breach reporting.

Let the experts guide your business through the aftermath of a data breach.

Download the Technical Factsheet on our patented Breach Reporting Service.

Download the Breach Reporting Service Product Overview.

View a Video Overview of the Breach Reporting Service.


Physical loss or theft of devices is arguably the most common form of data breach. Many companies forget about the simple vectors while worrying about the complex ones.

Increased reliance on digital data has caused data breaches to skyrocket in recent years. Certainly data breaches are much more in the the public eye and the breaches are larger. Between 2015 and 2016, the number of breaches reported in the United States increased by nearly 40 percent, reaching an all-time high. A staggering 36.6 million records were exposed in 2016.

When hackers steal millions of records, the situation makes news headlines. But in reality, data breaches occur quietly and frequently in businesses just like yours. These breaches are not limited to cyberspace—in fact, most losses of data are physical. Lost or stolen laptops, mobile phones, thumb drives, and briefcases that hold digital data comprise a large percentage of the data breaches that occur each year. Whether they are due to a physical loss or online hacking or a phishing scheme, data breaches can devastate a small business.

Invest in CSR's Breach Reporting Service today to mitigate costly fines, reputation loss, and untold stress should a breach occur. With a single phone call, you’ll set the ball rolling for timely and accurate data breach reporting and consumer notifications that adhere to the law. The security of being prepared is well worth the investment.

  • Provides peace of mind
  • Saves your business time and money
  • Translates complex laws and regulations into accessible, actionable information
  • Mitigates your risk of civil and/or criminal penalties due to incorrect reporting
  • Fullfills regulatory breach reporting requirements
  • Provides a key part of your Incident Response Plan
  • Offers a single point of contact to simplify the situation
  • Certified Information Privacy Professionals (CIPP)
  • Award-winning data breach reporting services
  • Coverage of suspected or actual data breaches within your organization
  • Response time of less than 2 hours
  • Proof of Compliance after a breach occurrence, providing a defensible position in case of litigation


Most Common Types and Methods of Data Breaches

Our world is full of data. With today’s advanced technology, reaching a company’s data is easier than ever for hackers, former or disgruntled employees, and competitors. Sensitive business data is often stored on cloud servers, local machines, and enterprise databases, leaving it vulnerable. Here are some of the most common culprits for data breaches that occur within organizations.

  • Insider Theft: an employee intentionally or unintentionally takes company data.
  • Hacking: skilled computer experts break into a computer system or network.
  • Data on the Move: data is accessed by an unauthorized person during migration.
  • Physical Theft: a laptop or other device containing sensitive information is stolen. This also includes theft of hard-copy paper files, notebooks, etc.
  • Third-Party Errors: a business associate gains access to sensitive data.
  • Employee Error: a current company employee is negligent (e.g., loses their laptop).
  • Malware: accidental exposure occurs due to malware on a device.
  • Unauthorized Access: sensitive data is exposed to someone who does not have the proper authority.


What Counts as a Data Breach?

A data breach has occurred when an unauthorized individual gains access to sensitive, protected, or confidential data, or when an authorized individual uses their access to data inappropriately.

Is a data breach serious?

Not every data breach is seriousbut they can be downright catastrophic. When personally identifiable information (PII) or other sensitive data is leaked, it can have severe consequences for individuals and companies.

Data breaches can compromise a variety of personal information. A 2017 report by NY Attorney General Eric Schneiderman revealed that the most common information leaked during 2016 was Social Security numbers, followed by financial information (including credit card numbers) and driver’s license numbers. These types of serious breaches can leave people open to identity theft and fraud. Breaches can also reveal company trade secrets or intellectual property.

Breach Example: The Phishing Trip. Your HR employee receives an email with an attachment labeled “Resume.” The employee opens the attachment, causing the computer to become infected by malware. (The anti-malware on your employee’s device was out-of-date.) Now the PII of multiple employees and applicants is at risk.

Malware Protection, Employee Training

Breach Example: The Lost Laptop. A Human Resources employee misplaces a laptop containing unencrypted sensitive information. A stranger finds the laptop full of data: employee PII, spreadsheets with customer data, emails with vendor data, and more.

Encryption, Data Masking

Strategic Alliance

CSR provides enhanced breach reporting and PII compliance services to over 100K businesses worldwide. To broaden our offerings and strengthen the value we bring these customers, we have strategically allied our business with Equifax®.

CSR customers now have access to optional Equifax® tools and features such as identity restoration, consumer notification, credit monitoring, and automatic fraud alerts (a fraud alert encourages potential lenders to take extra steps to verify your identity before extending credit).

How Does Equifax® Work with CSR's
Breach Reporting Service?

Customers use the Breach Reporting Service the same as in the past. If you suspect you have had a breach, call our hotline. We will guide you through the process and determine if the event requires regulatory reporting and/or consumer notification. Now, if consumer notification is required, we may recommend Equifax® products to you using a preferred pricing schedule.

We have broadened our knowledge of enhanced consumer notification options so that we can better advise you. You may know that several states now require credit monitoring to be offered to victims of a data breach in certain circumstances.

CSR remains your primary point of contact. We will always provide you with our expert advice on privacy practices and data compliance.

What Enhanced Consumer Notification Services are Available?
Equifax Breach Services
Credit Monitoring

Daily monitoring of your credit files with alerts for key changes like new credit inquiries, new accounts established, name/address changes, new and changed public records (bankruptcy, collections, suits or judgments and/or liens), account balance changes ($ amount and %) and dormant account activity.

Consumer Notification

Mailing services to print, insert and mail notification letters. Address Append: a way to refresh your mail file with updated address information to boost deliverability rates. Notification letter forms and email services.

Incident Response Call Centers

Event-specific hotlines - outsourced live agent call centers to inform impacted consumers.

Identity Restoration

A dedicated agent works directly with the merchant/entity on the consumer’s behalf to resolve their ID theft issues using consumer-granted Limited Power Of Attorney (LPOA).


Referral to experienced forensics teams and crisis management consultants, and legal assistance if desired.

Credit Monitoring Options

Four primary options are available. All are online solutions which provide consumers with daily credit monitoring and fraud alerts.

  • Equifax® ID Patrol™
  • Equifax® Credit Watch Gold™ with 3-in1 Monitoring
  • Equifax® Credit Watch™ Gold with Web Detect™
  • Equifax® Credit Watch™ Silver

Including multiple credit bureaus and the level of identity theft insurance are two variables to affect the value and pricing of the plans.

Consumer Notification

Equifax® focuses a lot of attention on the details of consumer notification. They offer services that include:

  • Mail shop services
  • Email notification
  • Address Append services
  • Incident-specific call centers
Preferred Pricing

Your relationship with CSR means you have access to Equifax® products. Call us first to receive preferred pricing.


Equifax® is a registered trademark and Equifax ID Patrol™, Equifax Credit Watch™ Gold, and Equifax Credit Watch™ Silver are trademarks of Equifax Inc. © 2017, Equifax Inc., Atlanta, Georgia. All rights reserved. All other marks are property of their respective owners.

Vermont Grocer Fined $15,000

Vermont Grocer Fined $15,000; Incurred Another $15,000 to Implement New System
A local, family-owned grocer, Natural Provisions, was penalized for failing to protect consumer data and taking too long to respond to the data breach. They violated the state’s Security Breach Notice Act and Consumer Protection Act and were required to implement a new POS system—costing them more than $30,000.

Data Breach Triggers $50,000 Fine

When a laptop, containing the personal health information (PHI) of 441 patients, was stolen, The Hospice of North Idaho agreed to pay the U.S. Department of Health and Human Services $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The hospice did not have policies or procedures in place to address mobile device security as required by the HIPAA Security Rule.

Our Data Breach Analysis Process

CSR Breach Reporting Process

Why is it so important to think about Breach Reporting now?

When responding to a data breach, one wrong move can cost your company everything. Expensive fines, civil and criminal penalties, a tarnished reputation, and a loss of future sales can ruin a small business. Invest in CSR's Breach Reporting Service and rest easy knowing your business has a plan if a breach occurs. For more information or to order the service, contact us today to find an authorized reseller.

Protection of PII can’t be taken lightly. There are numerous laws and regulations you must follow when handling PII. If you ignore the issue, your business is at risk of financial penalties, criminal prosecution, lawsuits, customer attrition and overall brand erosion. Don’t be reactive—be proactive. That’s the best way to save your business time, money, and resources.

Density of Privacy Regulations by State
How do Privacy Regulations Affect Your State?

Alabama currently has no statutes that regulate breach reporting, and North Carolina has 43 regulations. Find out how many regulations directly affect your state by checking our interactive PII compliance regulation map at csrps.com. But remember, your business is not just bound by the policies of your home state. You are subject to the privacy laws of every state where your customers reside.

What is data breach reporting?

If organizations suspect a breach, legislation in most states and multiple federal agencies requires that they must report the incident and notify any affected individuals in a timely manner.

Privacy laws and regulations are complex. They can change frequently, and they vary by state and country. Precise definitions of personal information, what exactly constitutes a data breach, and notification requirements and exemptions—deciphering these details and responding properly to a breach can be expensive, time-consuming, and stressful.

CSR’s Breach Reporting Service helps companies navigate the maze of complex laws and regulations to effectively manage a data breach within all regulated timeframes. CSR experts report the incident to all state (48), federal (many), and foreign (105) entities necessary and guide you through notification of individuals. The service saves your company time and money and helps prevent backlash that can damage your reputation.

What happens if PII is compromised?

You must take the proper steps to follow all rules and regulations for breach reporting and consumer notification. Regardless of the size of your business and how many records are compromised, a data breach must be taken very seriously. Even “suspected” data breaches require a prompt response.

There are many data protection laws in over 100 countries and 48 states. These laws require a business (no matter what size) to proactively protect personally identifiable information. The business must also report any data loss within as little as 24 to 72 hours. To further complicate matters, breach reporting requirements are based on the location of the customer, not the business. Thankfully, CSR is here to translate complicated regulations into accessible information.

Breach notification rules are primarily based on the residence of the customer

Channel Partners: Team up with the privacy experts at CSR.

Expand your product line. Empower your small and medium-sized business customers to protect their business. By becoming a CSR channel partner, you can introduce your clients to valuable solutions, including our breach reporting system.

The benefits of becoming a channel partner are numerous: Without any capital investment, you’ll gain new revenue streams with recurring monthly revenue and net profits within 60 days of launch. You’ll also diversify product offerings, retain current customers, and attract new clients - without geographical boundaries! To make it easy on you, all training and marketing materials are included.

Boost company revenue and build customer connections by partnering with CSR. Call CSR today at 888-294-6971 to find out how you can become a valued channel partner.

Contact the Privacy Experts at CSR