The University Information Policy Office (UIPO) responds to and investigates incidents related to misuse or abuse of Indiana University information and information technology resources, regardless of the campus or unit involved. This includes computer and network security breaches, privacy breaches or concerns, and unauthorized disclosure or modification of institutional or personal information. For more information on information security incident management at IU, see: Information Security Incident Management.

Reporting incidents involving sensitive data

In the event of an incident concerning the possible exposure or loss of sensitive institutional or personal data, you must report the incident to the UIPO as soon as the incident is suspected. For more information on reporting these incidents, see: Reporting Sensitive Data Exposures.

Reporting HIPAA violations

HIPAA (Protected Health Information) violations must be reported to the Office of Research Administration, Research Support Services at 317-278-7189, inforsch@iupui.edu, or using their Confidential Hotline at 877-526-6759.

Other incidents

For non-emergency reports of information and information technology security, abuse incidents, privacy incidents or concerns, or a weakness in the protection of sensitive institutional or personal data, contact the UIPO. They will coordinate the investigation, involve the appropriate IU units, and help assess and mitigate potential threats.

Report an incident in one of two ways:

• Use our online incident reporting form (authentication required).
• Send an email to it-incident@iu.edu outlining the incident details
  • If you are reporting email abuse or spam, be sure to include the full headers.