What Should Be Reported?

All incidents at the University of Alabama should be reported and investigated to determine if the information data involved requires an official notification of exposure as determined by regulation (FERPA, HIPAA, PCI) or data management plan contract. Failure to report could result in individual disciplinary action, additional fines from regulatory entities, and/or loss of trust in the University by the community at large.

What Is Considered an Incident?

An incident can be any unauthorized access to confidential or sensitive data through:

  • Any potential or suspected loss of data through hacking, virus or malware.
  • A lost device, laptop, phone, tablet or external drive.
  • Any unauthorized access, or downloading of confidential or sensitive data.

Depending on the data involved, one or more regulatory entities and/or affected individuals will require prompt notification.

Report an Incident

To get started, contact our office so we can learn more about your incident. Then together we will fill out the appropriate form below.

If you have any questions, please contact the IT Service Desk at 348-5555.