Readiness Privacy Assessment
Does your business adequately protect personally identifiable information (PII)?
Take control with CSR’s privacy self-assessment and risk mitigation tools.
A VALUABLE PRIVACY ASSESSMENT FOR BUSINESSES
The CSR Readiness® Privacy Assessment is an exclusive compliance and self-assessment tool developed by data privacy experts. It is a comprehensive program that helps you to improve the way your company handles personally identifiable information (PII).
CSR Readiness® is a GAP analytic that generates prioritized remediation. In other words, it analyzes your unique situation based on the answers you provide. It then uses an expert system to compare your current state with the laws that apply to you (300+ regulatory bodies & 105 sovereign nations) and the current threat vectors in your environment and industry. It creates for you a list of items to address if you wish to reduce the chance of having a data breach.
The assessment is online, SaaS, and interactive. Take it anywhere and at your own pace. Once you get your prioritized action steps, you will also receive actionable solutions, along with proposed policies and privacy practices. The next moves are up to you.
Once you’ve addressed the privacy gaps, you’ll receive a certificate of completion and can display CSR’s seal of approval to assure your customers, vendors, and employees that their PII is safe in the hands of your company.
Download the Technical Specs on our award-winning privacy assessment and remediation tool.
Download the Readiness Product Overview.
A 2017 report by NY Attorney General Eric Schneiderman found that 37% of all data breaches were the result of employee negligence: inadvertent exposure, insider wrongdoing or the loss of an electronic device.
If we look just at cyber threats, IBM found in a 2016 study that 60% were the result of insiders: three-quarters were malicious and the rest were inadvertent.
PII leaks can be costly, embarrassing, and potentially devastating for a company. Invest in the CSR Readiness® Privacy Assessment today and take the first step toward protecting your business.
WHAT ARE THE BENEFITS TO YOUR BUSINESS?
- Risk mitigation tools, including an incident response plan
- Policy templates and best practices
- Proof of your efforts to comply with data regulations
- High-quality online data risk assessment from certified IAPP privacy professionals
- 24/7 access to maintain data privacy strength as your organization and regulations change
- Certification of Completion with an ID Stay Safe® Trust Shield Program seal for public display
- Flexibility to address compliance issues on your own schedule
What is Personally Identifiable Information (PII)?
Personally Identifiable Information (PII) is information that your business has or controls about customers, employees, vendors, and partners. This sensitive data could be used to identify an individual, and might lead to identity theft or fraud. Generally, if the information can be used to distinguish an individual, then it is considered personally identifiable. However, the precise definition of personal information varies by state.
PII Leak Example: The Email Fumble
Your employee accidentally emailed a client’s records to a vendor they no longer use. The records contained the client’s case details and their initial application, which included a Social Security number.
What Do You Do?
Because the records were not encrypted and the type of personal information sent included a first name, last name, and Social Security number, regulations consider this a breach of security which is reportable and may require disclosure to the client.
You could have prevented this by developing policies for the encryption and safe transfer of data. Ensure employees are trained to recognize and secure personal information.
Reduce the probability of a breach: Redact (censor/obscure) unnecessary personal information prior to sending records. Even if the records were sent to the correct vendor, the client’s social security number was most likely not needed.
Solution: Redaction, Encryption, Training, Improved Mail Policies
Common Examples of PII
- Social Security number
- Passport number
- Driver’s license number
- Date of birth
- Financial data
- Email address
- Phone number
- IP address
Unexpected Examples of PII
- Medical diagnosis, treatment, or history (HIPAA data is a subset of PII)
- Health insurance policy number
- License plate data
- Retina or iris image
- Voice print
- Mother’s maiden name
- Digitized signature
How do Privacy Regulations Affect Your State?
Alabama currently has no statutes that regulate breach reporting, and North Carolina has 43 regulations. Find out how many regulations directly affect your state by checking our interactive PII compliance regulation map at csrps.com. But remember, your business is not just bound by the policies of your home state. You are subject to the privacy laws of every state where your customers reside.
Why is it so important to assess my company's data privacy policies?
Thousands—maybe even millions—of data breaches occur every day, and you need to be prepared. As technology has advanced, there’s been a surge in incidents that compromise PII. But you can’t put proper safeguards in place if you don’t know what’s wrong with your processes. A self-assessment can pinpoint privacy gaps that might otherwise go unnoticed. It’s not just about technical specs and cyber warfare. Simple policy changes can have a profound impact.
Protection of PII can’t be taken lightly. There are numerous laws and regulations you must follow when handling PII. If you ignore the issue, your business is at risk of financial penalties, criminal prosecution, lawsuits, customer attrition and overall brand erosion. Don’t be reactive—be proactive. That’s the best way to save your business time, money, and resources.
What happens if PII is compromised?
You must take the proper steps to follow all rules and regulations for breach reporting and consumer notification. Regardless of the size of your business and how many records are compromised, a data breach must be taken very seriously. Even “suspected” data breaches require a prompt response.
There are many data protection laws in over 100 countries and 48 states. These laws require a business (no matter what size) to proactively protect personally identifiable information. The business must also report any data loss within as little as 24 to 72 hours. To further complicate matters, breach reporting requirements are based on the location of the customer, not the business. Thankfully, CSR is here to translate complicated regulations into accessible information.
PII LEAK in SMALL BUSINESS
Massachusetts Property Management Firm Fined $15,000 for Stolen Laptop:
A laptop containing personal information (including Social Security numbers) of 600+ Massachusetts residents was stolen from property management company Maloney Properties Inc. Along with paying the $15,000 civil penalty, Maloney Properties had to agree to perform a number of tasks, including performing an annual compliance audit, training employees on personal information security policies and procedures, and changing the way it stores personal information.
Hacking in Small Business
Hacking of Credit Card Information Cost Washington State Restaurateur His Dream:
A restaurant in Washington state purchased a non-compliant payment application on eBay. As a result, 22 customer card numbers were stolen at the restaurant and used in fraudulent transactions. The restaurant paid $7,000 in fines to Visa and MasterCard and funded a $5,000 forensic investigation of the compromised payment application. The restaurant also had to go out of business temporarily and lost the ability to process credit cards for several months—a devastating blow for a small operation.
Invest in Your Company’s Future
CSR translates complicated regulations on data security and confidentiality into practical business rules.
Protect your business by assessing your privacy risk, identifying the weaknesses, and taking steps to remedy privacy and security deficiencies. For more information or to order CSR Readiness® Privacy Assessment, contact us today and speak to an authorized reseller.CONTACT US
Your small and medium-sized business customers already count on you. Now you can take their trust to the next level by offering easy access to a comprehensive assessment solution and breach reporting system to ensure they’re complying with legal mandates to protect personal data.
As a channel partner, you’ll enjoy the financial benefits of new revenue streams generating recurring monthly revenue and net profits within 60 days of launch, all with no new capital investment required.
You will also open new doors by offering an entirely new product line. Differentiate yourself from competitors and expand your reach. It’s easier than you think, as you receive all training and marketing materials from CSR. Empowering your customers while enhancing your bottom line: It’s a win-win situation.