What Should Be Reported?
All cyber incidents at The University of Alabama should be reported and investigated to determine if the information data involved requires an official notification of exposure as determined by regulation (FERPA, HIPAA, PCI) or data management plan contract. Failure to report could result in individual disciplinary action, additional fines from regulatory entities, and/or loss of trust in the University by the community at large.
What Is Considered an Incident?
An incident can be any unauthorized access to confidential or sensitive data through:
- Any potential or suspected loss of data through hacking, virus or malware.
- A lost device, laptop, phone, tablet or external drive.
- Any unauthorized access, or downloading of confidential or sensitive data.
Depending on the data involved, one or more regulatory entities and/or affected individuals will require prompt notification.
Incident Response Plan
UA students, faculty and staff can view the University’s Incident Response Plan. Note – users must be connected to the campus network to view the plan.
Report an Incident
To get started, contact our office so we can learn more about your incident.