A University employee who is aware that a privacy or information security breach may have occurred must take immediate action to stop and contain the breach, and contact the appropriate people within the University.
A privacy or information security breach has occurred when there is unauthorized access to, or unauthorized collection, use, disclosure, or disposal of:
that is handled in the course of the University’s operations, or in the course of a research project by a University researcher.
Examples might be:
This list is, of course, not exhaustive.
If the potential breach involves information technology resources, such as a cyberattack or a misdirected email, then the incident should be reported immediately to: firstname.lastname@example.org .
As well, University policy requires that the Information & Privacy Office and the Chief Information Security Officer be notified within 24 hours of detecting a possible breach. To do so, University employees must fill out this form and send it to the contact information provided on the form.
Finally, if the potential breach involves theft of University property, please also contact University of Alberta Protective Services at 780-492-5050.
Loss or Breach of Information Reporting Form