What should be reported?
All incidents at EKU should be reported and investigated to determine if the information involved requires an official notification of exposure as determined by regulations (FERPA, HIPAA, PCI).
What is considered an incident?
An incident can be any unauthorized access to confidential or sensitive data through:
Depending on the data involved, one or more regulatory entities and/or affected individuals may require notification.
Please fill out the form found on the Incident Response Form page.
Information collected on the form is: