Incident Response

What should be reported?

All incidents at EKU should be reported and investigated to determine if the information involved requires an official notification of exposure as determined by regulations (FERPA, HIPAA, PCI).

What is considered an incident?

An incident can be any unauthorized access to confidential or sensitive data through:

  • Any potential or suspected loss of data through hacking, virus, or malware.
  • A lost university-owned device, laptop, phone, tablet, or external drive.
  • Any unauthorized access or downloading of confidential or sensitive data.

Depending on the data involved, one or more regulatory entities and/or affected individuals may require notification.

Please fill out the form found on the Incident Response Form page.
Information collected on the form is:

  • Reporter Name
  • Reporter Contact Information
  • What was the incident date?
  • Please describe the incident.
  • What type of data or information was exposed (Detailed as possible)?
  • What group or number of people are affected?
  • Please provide any other pertinent information.