If you know of something related to technology at UVM that might put personal information at risk, that seems contrary to policy or law, or that raises ethical concerns, how can you let the right person or group know about it?  Here are suggested ways of reporting some common concerns, including information security incident reports.

Computer or information technology security incident or breach

A security or data breach is any incident in which sensitive or confidential data are exposed or are at risk of exposure to unauthorized persons. High risk personal non-public information is of greatest concern.

Normal business use by employees or University business partners does not constitute a computer security breach.

Examples:

  • Loss or theft of a computer
  • Loss or theft of a portable device such as a phone, a hard drive, a USB drive, or removable media
  • Theft of sensitive or confidential data
  • Release or publication of sensitive or confidential data, whether intentional or accidental
  • An unauthorized person having unsupervised access to a University employee's computer
  • An unauthorized person gaining direct or indirect control of a University computer

Phishing and other attempts to steal UVM credentials (Network-IDs, passwords) or UVM information

Scams, phishing, and spam not involving UVM credentials or information

Abuse, violations of law or UVM IT policies

Unethical use of technology

Examples include:

  • Unauthorized manipulation or deletion of sensitive data or non-sensitive data
  • Data privacy and integrity
  • HIPAA violations
  • Inappropriate use of technology
  • Intellectual property infringement

Privacy Concerns

Copyright and other DMCA infringements

None of the above? Not sure whether or how to report something?