CSR Breach Reporting Service

CSR Breach Reporting Service™

Is your business prepared to handle the mandated regulatory requirements related to a data breach? The stakes are high.

Fulfill your legal requirements, protect your reputation, and avoid fines with a comprehensive data breach reporting and consumer notification service.


CSR Awards: Breach Reporting ServiceYour company possesses a great deal of personally identifiable information (PII) about your customers, employees, and vendors. Information like dates of birth, financial information, and Social Security numbers are considered PII. If a data breach occurs, you need to be adequately prepared to deal with the incident. You have a legal responsibility to report the breach.

Responding to a data breach can be complicated - if you do not have an expert at your side. With CSR's Breach Reporting Service, you simply call an IAPP-certified expert at CSR if you have a suspected breach. They will assess the situation using a rigorous process and extensive experience to determine if reporting is required.

CSR handles all of the required regulatory reporting to state and federal agencies. We analyze the reporting needs of 300+ regulatory bodies and 105 sovereign nations. If customer notification is required, CSR will guide you through this delicate process.

CSR’s Breach Reporting Service™ acts quickly to remove fear, confusion, and panic from a difficult situation. Your business will save money, protect its reputation, and minimize lost productivity. And you’ll know your company is in good hands thanks to CSR’s extensive knowledge and years of experience in data breach reporting.

Let the experts guide your business through the aftermath of a data breach.

Download the Technical Factsheet on our patented Breach Reporting Service.

Download the Breach Reporting Service Product Overview.

View a Video Overview of the Breach Reporting Service.


Physical loss or theft of devices is arguably the most common form of data breach. Many companies forget about the simple vectors while worrying about the complex ones.

Increased reliance on digital data has caused data breaches to skyrocket in recent years. Certainly data breaches are much more in the the public eye and the breaches are larger. Between 2015 and 2016, the number of breaches reported in the United States increased by nearly 40 percent, reaching an all-time high. A staggering 36.6 million records were exposed in 2016.

When hackers steal millions of records, the situation makes news headlines. But in reality, data breaches occur quietly and frequently in businesses just like yours. These breaches are not limited to cyberspace—in fact, most losses of data are physical. Lost or stolen laptops, mobile phones, thumb drives, and briefcases that hold digital data comprise a large percentage of the data breaches that occur each year. Whether they are due to a physical loss or online hacking or a phishing scheme, data breaches can devastate a small business.

Invest in CSR's Breach Reporting Service today to mitigate costly fines, reputation loss, and untold stress should a breach occur. With a single phone call, you’ll set the ball rolling for timely and accurate data breach reporting and consumer notifications that adhere to the law. The security of being prepared is well worth the investment.

  • Provides peace of mind
  • Saves your business time and money
  • Translates complex laws and regulations into accessible, actionable information
  • Mitigates your risk of civil and/or criminal penalties due to incorrect reporting
  • Fullfills regulatory breach reporting requirements
  • Provides a key part of your Incident Response Plan
  • Offers a single point of contact to simplify the situation
  • Certified Information Privacy Professionals (CIPP)
  • Award-winning data breach reporting services
  • Coverage of suspected or actual data breaches within your organization
  • Response time of less than 2 hours
  • Proof of Compliance after a breach occurrence, providing a defensible position in case of litigation


Most Common Types and Methods of Data Breaches

Our world is full of data. With today’s advanced technology, reaching a company’s data is easier than ever for hackers, former or disgruntled employees, and competitors. Sensitive business data is often stored on cloud servers, local machines, and enterprise databases, leaving it vulnerable. Here are some of the most common culprits for data breaches that occur within organizations.

  • Insider Theft: an employee intentionally or unintentionally takes company data.
  • Hacking: skilled computer experts break into a computer system or network.
  • Data on the Move: data is accessed by an unauthorized person during migration.
  • Physical Theft: a laptop or other device containing sensitive information is stolen. This also includes theft of hard-copy paper files, notebooks, etc.
  • Third-Party Errors: a business associate gains access to sensitive data.
  • Employee Error: a current company employee is negligent (e.g., loses their laptop).
  • Malware: accidental exposure occurs due to malware on a device.
  • Unauthorized Access: sensitive data is exposed to someone who does not have the proper authority.


What Counts as a Data Breach?

A data breach has occurred when an unauthorized individual gains access to sensitive, protected, or confidential data, or when an authorized individual uses their access to data inappropriately.

Is a data breach serious?

Not every data breach is seriousbut they can be downright catastrophic. When personally identifiable information (PII) or other sensitive data is leaked, it can have severe consequences for individuals and companies.

Data breaches can compromise a variety of personal information. A 2017 report by NY Attorney General Eric Schneiderman revealed that the most common information leaked during 2016 was Social Security numbers, followed by financial information (including credit card numbers) and driver’s license numbers. These types of serious breaches can leave people open to identity theft and fraud. Breaches can also reveal company trade secrets or intellectual property.

Breach Example: The Phishing Trip. Your HR employee receives an email with an attachment labeled “Resume.” The employee opens the attachment, causing the computer to become infected by malware. (The anti-malware on your employee’s device was out-of-date.) Now the PII of multiple employees and applicants is at risk.

Malware Protection, Employee Training


Breach Example: The Lost Laptop. A Human Resources employee misplaces a laptop containing unencrypted sensitive information. A stranger finds the laptop full of data: employee PII, spreadsheets with customer data, emails with vendor data, and more.

Encryption, Data Masking

Vermont Grocer Fined $15,000

Vermont Grocer Fined $15,000; Incurred Another $15,000 to Implement New System
A local, family-owned grocer, Natural Provisions, was penalized for failing to protect consumer data and taking too long to respond to the data breach. They violated the state’s Security Breach Notice Act and Consumer Protection Act and were required to implement a new POS system—costing them more than $30,000.

Data Breach Triggers $50,000 Fine

When a laptop, containing the personal health information (PHI) of 441 patients, was stolen, The Hospice of North Idaho agreed to pay the U.S. Department of Health and Human Services $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The hospice did not have policies or procedures in place to address mobile device security as required by the HIPAA Security Rule.

Our Data Breach Analysis Process

CSR Breach Reporting Process

Why is it so important to think about Breach Reporting now?

When responding to a data breach, one wrong move can cost your company everything. Expensive fines, civil and criminal penalties, a tarnished reputation, and a loss of future sales can ruin a small business. Invest in CSR's Breach Reporting Service and rest easy knowing your business has a plan if a breach occurs. For more information or to order the service, contact us today to find an authorized reseller.

Protection of PII can’t be taken lightly. There are numerous laws and regulations you must follow when handling PII. If you ignore the issue, your business is at risk of financial penalties, criminal prosecution, lawsuits, customer attrition and overall brand erosion. Don’t be reactive—be proactive. That’s the best way to save your business time, money, and resources.

Density of Privacy Regulations by State
How do Privacy Regulations Affect Your State?

Alabama currently has no statutes that regulate breach reporting, and North Carolina has 43 regulations. Find out how many regulations directly affect your state by checking our interactive PII compliance regulation map at csrps.com. But remember, your business is not just bound by the policies of your home state. You are subject to the privacy laws of every state where your customers reside.

What is data breach reporting?

If organizations suspect a breach, legislation in most states and multiple federal agencies requires that they must report the incident and notify any affected individuals in a timely manner.

Privacy laws and regulations are complex. They can change frequently, and they vary by state and country. Precise definitions of personal information, what exactly constitutes a data breach, and notification requirements and exemptions—deciphering these details and responding properly to a breach can be expensive, time-consuming, and stressful.

CSR’s Breach Reporting Service helps companies navigate the maze of complex laws and regulations to effectively manage a data breach within all regulated timeframes. CSR experts report the incident to all state (48), federal (many), and foreign (105) entities necessary and guide you through notification of individuals. The service saves your company time and money and helps prevent backlash that can damage your reputation.

What happens if PII is compromised?

You must take the proper steps to follow all rules and regulations for breach reporting and consumer notification. Regardless of the size of your business and how many records are compromised, a data breach must be taken very seriously. Even “suspected” data breaches require a prompt response.

There are many data protection laws in over 100 countries and 48 states. These laws require a business (no matter what size) to proactively protect personally identifiable information. The business must also report any data loss within as little as 24 to 72 hours. To further complicate matters, breach reporting requirements are based on the location of the customer, not the business. Thankfully, CSR is here to translate complicated regulations into accessible information.

Breach notification rules are primarily based on the residence of the customer

Channel Partners: Team up with the privacy experts at CSR.

Expand your product line. Empower your small and medium-sized business customers to protect their business. By becoming a CSR channel partner, you can introduce your clients to valuable solutions, including our breach reporting system.

The benefits of becoming a channel partner are numerous: Without any capital investment, you’ll gain new revenue streams with recurring monthly revenue and net profits within 60 days of launch. You’ll also diversify product offerings, retain current customers, and attract new clients - without geographical boundaries! To make it easy on you, all training and marketing materials are included.

Boost company revenue and build customer connections by partnering with CSR. Call CSR today at 888-294-6971 to find out how you can become a valued channel partner.

Privacy Prime
  • 22 Jan 2018

    Meticulous Equifax Timeline

    Data Breach timeline for Equifax's 2017 Data Breach. One of the most significant data breaches to date.

  • 22 Jan 2018

    2017 Year End Review

    Every year breaches are becoming more prevalent and have a much higher impact then years prior. Take a look at some of the breach reports that it made it on our list.