If you know of something related to technology at UVM that might put personal information at risk, that seems contrary to policy or law, or that raises ethical concerns, how can you let the right person or group know about it? Here are suggested ways of reporting some common concerns, including information security incident reports.
Computer or information technology security incident or breach
A security or data breach is any incident in which sensitive or confidential data are exposed or are at risk of exposure to unauthorized persons. High risk personal non-public information is of greatest concern.
Normal business use by employees or University business partners does not constitute a computer security breach.
- Loss or theft of a computer
- Loss or theft of a portable device such as a phone, a hard drive, a USB drive, or removable media
- Theft of sensitive or confidential data
- Release or publication of sensitive or confidential data, whether intentional or accidental
- An unauthorized person having unsupervised access to a University employee's computer
- An unauthorized person gaining direct or indirect control of a University computer
Phishing and other attempts to steal UVM credentials (Network-IDs, passwords) or UVM information
Scams, phishing, and spam not involving UVM credentials or information
Abuse, violations of law or UVM IT policies
Unethical use of technology
- Unauthorized manipulation or deletion of sensitive data or non-sensitive data
- Data privacy and integrity
- HIPAA violations
- Inappropriate use of technology
- Intellectual property infringement
- To report: Ethics and Compliance Reporting