Incident Report Form

Last updated: September 25, 2024







    Your Email*

    Your First and Last Name*

    Phone number*

    Incident name*

    Short descriptive title of the incident (e.g., Lost laptop in dept. X).

    Description*

    Brief description of what happened.

    Date of discovery

    Date you became aware of the incident

    Date of incident

    Date when the incident occurred, if known.

    UW Organization*

    UW organization where the incident occurred or was observed, if known.
    We are using the Institutional Organization Structure (IOS) to help manage information about incidents.

    Data Systems

    What system(s), if any/if known, are involved?

    Data Encryption*

    Was the data encrypted?

    YesNoDon't know

    Specific types of personal data involved*

    Is it possible that the following data are involved in the incident? Click all that apply.

    An individual's first name or first initial and last nameSocial Security Number or last four digits of SSNDriver's license or state ID numberFinancial account number (credit, debit, etc.) and security code, access code, or passwordFull date of birthPrivate key that is unique to an individual and that is used to authenticate or sign an electronic recordStudent, military, or passport identification numberHealth insurance policy number or health insurance identification numberConsumer's medical history, or mental or physical condition, or about a health care professional's medical diagnosis or treatmentBiometric data generated by automatic measurements of an individual's biological characteristics, such as a fingerprint, voiceprint, eye retinas, irises, or other unique biological patterns or characteristics used to identify a specific individualUsername or email address in combination with a password or security questions or answers that would permit access to an online accountProtected Health Information (PHI) - A subset of individually identifiable health information created or maintained in health records and/or other clinical documentation in either paper-based or electronic format by UW or UW Medicine(PHI) received from a non-UW entityEducation record - Any record that directly identifies a student and is maintained by the University of Washington or by a party acting for the UWSpecial categories of data (not listed above) - Data relating to minors, older adults or seniors, criminal offenses, citizenship and/or immigration status, race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, or sexual orientationOther personal data - Any record or information relating to an identified or identifiable natural person. (E.g., identification number, location data, online identifiers, or factor(s) specific to physical, physiological, genetic, mental, economic, cultural, or social identity or characteristics, or is identified as personally identifiable data (or a similar term) by any applicable law.)None of the above

    Physical location of data subjects*

    Where were people physically located when data were originally collected, if known (Washington State, other states, United States, and/or other countries)?

    Research*

    Does the incident involve research? Research is defined as a systematic investigation designed to develop or contribute to generalizable knowledge, and may include research development, testing, and evaluation.

    YesNo

    Human Subjects Research*

    Does the incident involve human subjects? Human subjects are defined as living individuals about whom an investigator (whether professional or student) is conducting research: (i) obtains information or biospecimens through intervention or interaction with the individual, and uses, studies, or analyses the information or biospecimens, or (ii) obtains, uses, studies, analyzes, or generates identifiable private information or identifiable biospecimens?

    What Institutional Review Board (IRB) is overseeing this research?*

    If the research is being overseen by UW IRB and you have reported the incident to UW IRB, please list the Reportable New Information (RNI) #.

    If the research is being overseen by a non-UW IRB, please enter name of the IRB without acronyms.

    Type(s) of non-personal data involved*

    Is it possible that the following types of non-personal data are involved in the incident? Click all that apply.

    UW Confidential (non-personal) - University information that is sensitive in nature and typically subject to federal or state regulations. Examples: information regarding the security of computer and telecommunications networks; access codes for physical access to secured locations.Restricted (non-personal) - University information that is circulated on a need-to-know basis or sensitive enough to warrant careful management and protection to safeguard its integrity and availability, as well as appropriate access, use, and disclosure. For example, information security plans; infrastructure documentation; system administration procedures; investigation documentation.National Security Classified Information - Official information, owned by the U.S. government or entrusted to the U.S. government by another country, that has been determined, pursuant to U.S. Presidential Executive Order 13526 or any predecessor order, to require protection against unauthorized disclosure in the interest of national security and which has been so designated.Covered Defense Information – marked or otherwise identified in contract, task order, or delivery order and provided to the UW by or on behalf of the US Dept of Defense in support of the performance of the contract; or collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract. Includes all unclassified information related to a classified contract that has not been approved for public release.Export Controlled Information - Unclassified technical data subject to the Export Administration Regulations (EAR) (15 CFR Parts 730-774) or the International Traffic in Arms Regulations (ITAR) (22 CFR Parts 120-130) which are listed on the Commerce Control List (Supplement No. 1 to Part 774 of the EAR) or the United States Munitions List (22 CFR Part 121 of the ITAR.)None of the above

    Reported to Others?*

    Have you reported the incident to other individuals? (Please limit further sharing.)

    YesNo

    Communication processes

    If you have reported this incident to others, please list the names and organizations who have been informed about this incident.

    Add File