SIRN FAQs: Data Breach Response – Incident Notification

WHAT IS A DATA SECURITY BREACH?
A data security breach is the unauthorized disclosure of information that compromises the security, confidentiality or integrity of personally identifiable information. Such information may include, but not be limited to, Social Security Numbers, names and addresses, date of births, health care records and bank account information. It’s important to remember that if this information is stolen, lost or misplaced, an organization is required by law to notify the affected consumers of the incident. Currently, these laws vary on a state-by-state basis.

HOW IS MY ORGANIZATION SUSCEPTIBLE TO A DATA SECURITY BREACH?
No matter what policies you have in place, it’s virtually impossible to stop identity theft. Laptops with data could be stolen or lost. Files could be accessed by an unauthorized user. It’s critical to be prepared to respond immediately when this occurs. Organizations that fail to communicate a data security breach in a "clear, consistent and timely fashion" are four times as likely to experience customer turnover.* SIRN offers a rapid response solution for notifying affected consumers in the event of a data security breach.

MY BUSINESS HAS HAD A POTENTIAL DATA SECURITY BREACH. NOW WHAT?
Once you learn of a possible consumer data security breach, the first step is to determine whether personally identifiable information is believed to have been acquired or accessed. In making this determination, you should look to several indicators, including whether the information (1) is in the physical possession or control of an unauthorized person (e.g., a stolen computer), (2) has been downloaded or copied, or (3) was used by an unauthorized person, such as having fraudulent accounts opened or reported instances of identity theft.

Once it is believed that a data security breach has occurred, an organization should notify affected consumers of the incident and provide a description of how the company will assist them. This is when our Security Incident Response Notification (SIRN) services can assist your company. Our SIRN team will be ready to send out consumer notification letters, offer a product to protect the consumers, as well as be prepared to handle consumer responses and provide support in the event of fraud or identity theft.

WHO NEEDS SIRN?
First Advantage’s Security Incident Response Notification (SIRN) service is available to assist organizations that store sensitive or personal identifiable information. Many organizations don't realize that data security and privacy laws are pertinent to public and private companies, various government branches and health care and educational organizations.

ORGANIZATIONS AT RISK
Many U.S. organizations are legally required to protect the security of personal identifiable information. Several state laws require organizations to use appropriate security measures to protect specified personal information of their residents. Any organization that maintains consumer data can be at risk. Those that have been exposed to data security breaches include, but certainly aren’t limited to, the following:

Corporations
Small Businesses
Schools
Hospitals

Government
Health Care Companies
Mortgage Brokers

Auto Dealers
Entrepreneurships
Banks

TARGETED INFORMATION
Information targeted for theft may include customer names and any of the following: Social Security Numbers, driver’s license numbers, state identification card numbers, financial account numbers, and credit or debit card account numbers (in combination with any code or password permitting access to an individual’s financial account where such a code or password is required). Categories of targeted information include:

Social Security numbers
Date and location of birth
Phone numbers
Health records
Home addresses
Ethnicity and citizenship
Veteran and disability status
Email addresses

Drivers' license numbers
Medical record numbers
Health plan numbers
Account numbers
Certificate or license numbers
Device identification / serial numbers
Facial photographs

Name
Account balances
Bank/ACH numbers
Credit card number
Credit rating
Income data
Payment data
Expiration dates

If your organization processes, uses or tracks any of the above information, you should be prepared to respond accordingly should sensitive information get lost or stolen.

WHY SIGN UP FOR THIS SERVICE NOW?
In today’s world, it’s crucial to be prepared in the event of a consumer data security breach. Preparation is your best defense. Since several states are adopting specific, strict turnaround times for notifying affected consumers, it’s important to be ready now. No matter what policies you have in place, you can’t stop identity theft. Laptops with sensitive data are likely to be stolen or lost, and files could be inappropriately accessed by users. Our goal is to ensure that you are fully prepared, while keeping your customers as satisfied as possible during a crisis.

HOW DO I SIGN UP FOR THIS SERVICE?
It’s easy. For a nominal fee, we’ll have you setup and synched with our system database and phone lines so that we’ll be ready to respond immediately to consumers if a data security breach occurs. We’ll have inventory of your stationery stock for notification letters and agents ready to assist on any given notice. Contact a SIRN representative today by emailing SIRNinfo@FADV.com or 800.710.1877, ext. 6834 to set you up.

HOW DO THE PAYMENTS WORK?
A small setup fee is required to get you registered into our system. You’ll then receive a customized SIRN binder that details protocols and information needed to notify consumers of a potential data security breach. For an additional ongoing fee, we’ll maintain your setup in our database and we’ll keep a dedicated toll-free phone line available to handle any calls from your affected consumers regarding the data security breach. In addition, you will have templates for notification letters, customer service scripts regarding credit monitoring and identity theft restoration and a consumer website already in place so that you can rapidly respond to a data security breach of any size.

If a data security breach does occur, we can enroll your customers into our service and provide enrollment reporting information back to you. There will be various pricing options for flexible product packages. We strongly advise signing up ahead of time so that, together, we will be ready to handle any data security breach within 48 hours. Call First Advantage today to find out which product options may work best for your consumers.

WHAT ARE MY PRODUCT OPTIONS THAT I CAN OFFER TO CONSUMERS?
Available product options include Experian® credit reports, consolidated credit reports from all three national repositories, Experian® monitoring of significant activity, consolidated monitoring from all three national repositories, Internet monitoring, public records monitoring, non-credit loan activity, $25,000 fraud insurance policy, and fraud restoration services. These consumer product options are available for any length of time, such as three months, six months or 12 months.

HOW DO AFFECTED CONSUMERS ENROLL IN THE PRODUCT SERVICES?
To enroll, affected consumers can call the dedicated toll-free number that will be set up once you’ve signed up for the service in advance. Or, we can include a form with the notification letter that can be filled out and mailed back to us. We can also direct them to a Web site that will provide information on how to enroll.

HOW DO AFFECTED CONSUMERS RECEIVE THE PRODUCT OPTIONS I SELECTED?
Customized fulfillment materials will be sent to them based on the product options you select. For example, let’s say you select fraud insurance coverage, an Experian® credit report upfront and a monitoring report every month. We would send a booklet to the affected consumers that includes their personalized credit report, a guide to understanding their credit, information regarding their fraud insurance policy, and identity theft tips.

*Ponemon Institute Research, 2006