Skip to main content Skip to footer

October 13, 2014

Reporting Data Security Incidents

Adapted from the article, "Reporting Data Security Incidents," updated 02/26/2013, © 2013 ePlace Solutions, Inc.

By Jennifer Paradise

Even after taking the right precautions, accidents happen, systems fail, people are fooled, and sensitive data may be compromised. Prior to such an occurrence, it is important to know what to do when a data security incident occurs. All potential security incidents involving sensitive information should be reported immediately.

Who Do I Contact?

Contact the IT Support Center for all technology issues including those related to security. Unsure if an issue is a security concern? Let us determine that! Call us at x4225, or 989-964-4225. You can also email us at

Examples of Incidents to Report

Any of the following could constitute a potential data security incident.

  • Misuse of sensitive information (e.g. posting of customer information on a social website)
  • Social engineering attempts (e.g. phishing)
  • Potential malware infections
  • Loss or theft of a PC or other electronic storage device
  • Missing hard-copy documents or media


To reduce potential liability, it is important to take care in how you communicate about a potential data security incident. Specifically, 

  • Avoid using email to communicate about the incident. Use the telephone instead. If you are reporting email spam, it's appropriate to forward the email to
  • Do not discuss the incident with people outside of the University.
  • When reporting a problem, be forthcoming with information. If it is a lost laptop, refer to the incident as "a lost laptop." If you receive email spam, refer to it as "spam." Give ITS as much information about the incident as possible.

In case you missed the announcement last week, we have an FBI specialist coming to campus on Tuesday, October 28 from 1-2pm presenting on cyber security in the Ott Auditorium. The entire campus community is invited to attend. We hope to see you there!