Breach Notification Services

Can my organization have a Data Breach?

Nearly every organization collects and stores Personal Identifiable Information (PII). Personally Identifiable Information (PII) is any information that can identify an individual and possibly lead to identity theft or fraud. All businesses have PII, it comes from customers, employees, and vendors and is usually found in every department. It can be as obvious as a credit card number, social security number, an email address or phone number. This data can be stored in paper form (medical charts, printed invoices, paper checks, personnel files) or electronically (your bookkeeping program, PDF’s, saved emails). Improper safeguarding of that personal data can cost your company time and money, risk your reputation, and even violate the law in some cases. Your responsibility for data protection encompasses all paper records and electronic files containing PII.

How do Data Breaches Occur?

Data Breaches occur in many ways. Most physical incidents involve the theft of devices such as laptops, cell phones and storage devices or stolen, lost or misplaced paperwork. Employees are increasingly encouraged to work on the go, but if they don’t keep an eye on their assets, an opportunist crook could easily steal them. Criminal Hacking is also another top cause of data breaches. Ransomware, Malware and Phishing are also ways to lose sensitive data.

Who has had recent Data Breaches?

Facebook: 540 Million Records Exposed
Marriot: 500 Million Guests
EBay: 145 Million users
Home Depot: 56 Million
City of St Petersburg, Florida: 28,000 consumers
South Carolina Dept. of Revenue: 6 million people
Health First: 42,000 customers
Some Others: Panera Bread, PDQ Restaurant and Chili’s Grill & Bar

What would you do if your organization had a Data Breach?

If a Data Breach at your organization is suspected, is your company prepared to deal with the incident? Do you have the proper protocols put into place, and a designated reporting source to whom to contact immediately?

Docushred Inc. data privacy offering includes CSR Readiness® Pro Edition – a data privacy compliance service comprised of the CSR Readiness Privacy Assessment, a PROACTIVE solution, enabling small to medium size businesses (SMB) to assess their privacy procedures and safeguards and presents them with suggested improvements for areas the program identifies as deficient and the REACTIVE CSR Breach Reporting Service.

Docushred Inc. will provide Client with the CSR Breach Reporting Service 24 hour toll free number to call CSR Privacy Experts in the event of a suspected or actual data breach. CSR’s Certified Privacy Experts (Certified Information Privacy Professional or CIPP), will assess your incident. If it is a reportable event, CSR will file all necessary documents to all required state and federals agencies (or appropriate international bodies). If customer data is involved, they will guide you through the delicate notification process.

The Docushred Inc. Readiness Pro Edition, powered by CSR, will help your business reduce the risk of a data breach, and in the event of an actual or suspected breach, CSR takes the headache and hassle out of the legal requirements to report the loss or breach of PII to an ever-increasing number of authorities, as well as mandated notification to your customers.

How it works

Watch CSR’s Breach Reporting Service Video

Learn why reporting and notification is mandatory, how the service works, and who the experts are behind it.

Important to know: when reporting a breach, a customer calls and leaves a detailed message for CSR. In 2 hours or less a CSR Representative will contact you regarding the incident.

MINNESOTA: MANDATED TIMEFRAME FOR BREACH REPORTING AND/OR CONSUMER NOTIFICATION WITHIN 48 HOURS (500+ NOTIFICATIONS). FINES & PENALTIES VIOLATIONS OF BREACH AND NOTIFICATION LAWS: - UP TO $25,000

NORTH DAKOTA: MANDATED TIMEFRAME FOR BREACH REPORTING AND/OR CONSUMER NOTIFICATION WITHOUT UNREASONABLE DELAY. FINES & PENALTIES VIOLATIONS OF BREACH AND NOTIFICATION LAWS: - UP TO $5,000 PER VIOLATION

SOUTH DAKOTA: MANDATED TIMEFRAME FOR BREACH REPORTING AND/OR CONSUMER NOTIFICATION WITHIN 60 DAYS. FINES & PENALTIES VIOLATIONS OF BREACH AND NOTIFICATION LAWS: - UP TO $10,000 PER DAY PER VIOLATION

Related Statutes and Laws:

Minnesota:

MN § 325E.61 DATA WAREHOUSES; NOTICE REQUIRED FOR CERTAIN DISCLOSURES
MN § 325E.64 ACCESS DEVICES; BREACH OF SECURITY
MN § 325E.59 USE OF SOCIAL SECURITY NUMBERS
MN § 325M.05 SECURITY OF INFORMATION

North Dakota:

N.D. CENT. CODE §§ 51-30-01 TO 51-30-07 NOTICE OF SECURITY BREACH FOR PERSONAL INFORMATION
N.D. CENT. CODE § 51-15-07 REMEDIES – INJUNCTION – OTHER RELIEF – RECEIVER – CEASE AND DESIST ORDERS – CIVIL PENALTIES – COSTS RECOVERABLE IN ADJUDICATIVE PROCEEDINGS
N.D. CENT. CODE § 51-15-11 CIVIL PENALTIES
N.D. CENT. CODE § 51-07-27 RESTRICTIONS ON ELECTRONICALLY PRINTED CREDIT CARD RECEIPTS ‑ PENALTY
N.D. CENT. CODE §§ 23-01.3-01 – 23-01.3-09 HEALTH INFORMATION PROTECTION
N.D. CENT. CODE § 15.1-07-25.3 PROTECTION OF STUDENT DATA – SCHOOL DISTRICT POLICY

South Dakota: