Breach Reporting

Call if you think you have a breach. Privacy experts analyze your situation, decide if reporting is required, handle the regulatory agencies, and give you advice on how to proceed.

Breach Reporting: Panic Button

Why Buy Our Breach Reporting Service?

If the worst comes to pass, you want the best experts

CSR privacy experts have handled hundreds of data breaches. They have seen just about every kind of incident. When your incident is analyzed, not one person but a panel of experts will review your case. They know many of the regulators to whom you have a statutory duty to report. When your reputation is on the line, you don’t want whomever you can get, you don’t even want just any professional, you want privacy experts that do exactly this every day.

You will save money in the long run

You have a regulatory obligation to report to multiple agencies. It’s incredibly complicated because much of the reporting is predicated on the location of your customers, not the location of your company. If you have an event, and the statistics say you will, you are going to end up paying through the nose without this service.

60% of businesses that call in don't need to report anything

An expert provides true value when they can legitimately tell a client, “Hey, you don’t need to worry about this one.” You didn’t need a lawyer or a consultant. CSR provides you with written documentation of their decision-making and recommendation. How wonderful is that?

Raul - OwnerElite Automotive Repair - Stuart, FL

Breach Reporting is a member service. It works like insurance.
Get on board now BEFORE your breach occurs.

Why Is It So Risky for Small Businesses Today?

Data Breaches Are Much More Likely

The number of breaches grows every year. Threats come from outside and from within. Many breaches are simply accidents – lost phones, emails sent to the wrong person, files left unprotected. Over 50% of small businesses will be breached this year.

82% of small businesses think they are not a target. Most believe they have no data of value to steal. They are almost always wrong. If you have customers, if you receive payments, if you have employees or contractors, you own valuable personal data known as PII and you should be protecting it from a breach.

Breach Trends Breaches Up 50+% Breached 82% Wrong

Consumer Privacy Rules are Getting Tougher

GDPR changed the privacy game in a fundamental way. California just passed CCPA. All 50 states have their own regulations statutes. Privacy is so hot an issue and so bipartisan, the Feds are contemplating another layer.

There are specific privacy rules for banking (Gramm–Leach–Bliley Act), healthcare (HIPAA), and children (COPPA).

GDPR CCPA All 50 States What’s Next?

Breach Lawsuits Are Getting Very, Very Easy

The threat of a lawsuit has always been a burden on businesses. Lawsuits about data breaches are particularly problematic today. Here’s why:

Lawsuits generally require proof of harm to proceed. Recent court rulings on data breaches have nullified this requirement. This means that if you have a breach, every person affected can file suit against you. It’s not a pleasant thought. This outcome would kill most small businesses.

Data Breach Litigation Trends Easier Standing is Here to Stay

Our Breach Reporting Service is trusted by over 100,000 businesses.

It can protect your business from compliance issues too.

How Does The CSR Breach Reporting Service™ Work?

You respond to a structured interview designed to elicit and confirm the event fact pattern

We will guide you through a detailed set of questions to ascertain the facts as they are known. This process has resulted in 100% resolution of all cases. Our analysis relies 100% on your responses. All calls are recorded.

Your security incident information is processed by a panel of human experts

The result is reviewed by a supervisory board of information privacy experts with CIPP certifications and experience with hundreds of data breaches. These privacy experts are the best in the business at what they do. Don’t settle for a single expert who has rarely, if ever, handled a breach.

If the security event is deemed reportable, we report for you. If not, we provide you with a professional opinion letter as to why the event does not rise to the level of reportability

Cases that require reporting necessitate notification to 5-6 regulatory agencies on average.

Our regulatory reporting analysis considers an extensive range of factors. See below for details. Harm threshold, in particular, requires extensive experience with breaches and knowledge of how regulators are interpreting legislation.

Factors Considered in Our Regulatory Reporting Analysis

 Harm threshold  Location of the affected individual (long reach)
 Was there unauthorized access?  Controller vs. Processor (data owner vs. vendor)
 Is the data computerized?  Timeframe for reporting
 Is it encrypted/redacted data?  Law enforcement notification/delay
 Was the encryption key obtained?  Consumer notification requirements
 Type of data  AG, CRA, or other agency reporting
 Number of records

Flow Chart of the CSR Breach Reportng Process

Breach Reporting Flow Chart
Download a PDF of the CSR Breach Reporting Service™ Flowchart

Which States Have Breach Reporting Laws?

All 50 States now have breach reporting laws

Which States Publish Lists of Companies That Have Been Breached?

15 States now publish data breaches to help notify consumers.

State ID Data Breach Website
Montana MO State Attorney General
New Hampshire NH State Attorney General
New Jersey NJ New Jersey Cybersecurity (njccic)
Oregon OR Dept of Justice
Vermont VT State Attorney General
Washington WA State Attorney General
Wisconsin WI Dept of Ag, Trade & Consumer Protection

Want Collateral? Download Our Docs.

CSR’s Breach Reporting Service™ is patented.
You can’t get it elsewhere.
Act now to protect your business.