Reporting Security Incidents
All individuals are required to immediately report to the University Information Policy Office (UIPO) any:
- suspected or actual security breaches of information – whether in printed, verbal, or electronic form – or of information systems used in the pursuit of the university's mission.
- abnormal systematic unsuccessful attempts to compromise information – whether in printed, verbal, or electronic form – or information systems used in the pursuit of the university's mission.
- suspected or actual weaknesses in the safeguards protecting information – whether in printed, verbal, or electronic form – or information systems used in the pursuit of the university's mission.
The University Information Policy Office (UIPO) responds to and investigates incidents related to misuse or abuse of Indiana University information and information technology resources, regardless of the campus or unit involved. This includes computer and network security breaches, privacy breaches or concerns, and unauthorized disclosure or modification of institutional or personal information.
For more information on information security incident management at IU, see: Information Security Incident Management, and ISPP-26 Policy: Information and Information System Incident Reporting, Management, and Breach Notification.
Reporting incidents involving sensitive data
In the event of an incident concerning the possible exposure or loss of sensitive institutional or personal data, you must report the incident to the UIPO as soon as the incident is suspected. For more information on reporting these incidents, see: Reporting Sensitive Data Exposures.
Reporting HIPAA violations
HIPAA (Protected Health Information) violations must be reported to the University HIPAA Privacy and Security Compliance Office, the Interim University HIPAA Privacy Officer at 317-278-4521, the Interim University Security Officer at 317-278-8751, or by using the Confidential Hotline at 877-526-6759.
For non-emergency reports of information and information technology security, abuse incidents, privacy incidents or concerns, identity theft, or a weakness in the protection of sensitive institutional or personal data, contact the UIPO. They will coordinate the investigation, involve the appropriate IU units, and help assess and mitigate potential threats.
Report these types of incidents in one of two ways: