A University employee who is aware that an information security incident or privacy breach may have occurred must take immediate action to stop and contain it, and contact the appropriate people within the University.
An information security incident or privacy breach has occurred when there is unauthorized access to, or unauthorized collection, use, disclosure, or disposal of:
that is handled in the course of the University’s operations, or in the course of a research project by a University researcher.
Examples might be:
This list is, of course, not exhaustive.
If the potential incident/breach involves information technology resources, such as a cyberattack or a misdirected email, then the incident should be reported immediately to: email@example.com and firstname.lastname@example.org.
As well, University policy requires that the Information & Privacy Office and the Chief Information Security Officer be notified within 24 hours of detecting a possible information security incident or privacy breach. To do so, University employees must fill out this form and send it to the contact information provided on the form.
Finally, if the potential breach involves theft of University property, please also contact University of Alberta Protective Services at 780-492-5050.
Information Security Incident or Privacy Breach Reporting Form