You\u2019ve just received a breach disclosure letter from a company, government agency or financial institution. What now? Should you call the police, or just file away the letter and hope for the best? We\u2019ll guide you through the process, based on advice from Larry Ponemon, founder of the Ponemon Institute, and Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse.The first step? Take a deep breath, Stephens says. These letters can be startling, but don\u2019t panic\u2014simply take the following steps to protect yourself.1. Evaluate your risk. First, find out everything you can about what happened. Read the disclosure letter carefully, and do an Internet search for more information. Go to the company\u2019s website to see if they\u2019ve issued a press release. Call the company\u2019s toll-free number if you have any questions. You want to find out two things: First, what information was compromised. The more information that was disclosed, the higher your risk. Second, try to determine whether the information was lost because of negligence or theft. In cases of theft, the chance is higher that the information will be misused.2. Monitor your accounts. The most typical result of the theft of personal information is credit card fraud, Ponemon says. A thief will use your account for one or two transactions\u2014quite possibly a large one\u2014and then move on to the next victim. Fraud is most likely to occur right after the data is stolen, so monitor your account vigilantly for three to six months. You may want to have account numbers changed. However, if your data was lost\u2014a tape fell off a truck, or a laptop went missing\u2014this might not be necessary.3. Take extra steps if your Social Security number has been disclosed. If your Social Security number has been compromised, you\u2019ll need to notify the credit bureaus, put a fraud alert on your records and monitor credit reports to make sure new accounts aren\u2019t being opened in your name. Technically, you need to notify only one credit bureau, which will then share the information with the other two. However, you can contact Equifax (Equifax.com), Experian (Experian.com) and TransUnion (Transunion.com) individually if you want to be sure that they all get the information. If you feel you\u2019re at a particularly high risk, you can also do a security freeze, which is stronger than a fraud alert. It puts a lock on your credit report, making it virtually impossible for anyone (including you!) to obtain new credit in your name.4. Consider a credit monitoring service. Ponemon and Stephens both stress that credit monitoring services do many things that you could do yourself for free. For instance, thanks to the Fair and Accurate Credit Transactions Act (FACTA), you can get a free copy of your credit report every year from each of the three bureaus\u2014that\u2019s one free credit report every four months. However, if you don\u2019t have the time to monitor your own credit, it might be worthwhile to pay for a credit monitoring service. Find out if the company that sent you the breach notification is willing to pay for this service. Ponemon is suspicious of free credit monitoring services, which may put spyware and adware on to your computer.5. Decide when to call the cops. If you\u2019re the victim of identity theft and not just credit card fraud, you do want to call the police and file a police report, Stephens says. Keep a copy of the report for your records. Typically, though, you don\u2019t need a lawyer. Ponemon suggests working with the company responsible for the breach before you do anything else. \u201cCall them if there is suspicious activity on your statement,\u201d he says \u201cThey need to know, and they probably have a system in place to help. They are motivated to keep you [as a customer], so it\u2019s often to your advantage to contact them,\u201d he says. If you need more assistance, you can also contact your state attorney general or the Federal Trade Commission.Kathleen Carr is a former editor for CSO.