Missing/Lost Devices – Compromised Data Reporting Form Information Security

(706) 721-4000

All information you provide in this form will help us to find your computer and/or to identify the nature of the data exposed. While there are many questions on this form, they are intended to help you remember as much as possible about your lost device or media. Please note that text in red is essential to investigating this loss (data or physical asset), so please provide as much detail as possible. Once you have completed the form please send it to security @augusta.edu . Thank you.

I General Information1 Today’s Date2 Name of the Person filling out this form

Your NETID Office Phone Mobile Phone

3 Name of the Person Owning/Assigned the Device If Same as Person Above, then click this box User’s NETID Office Phone Mobile Phone

4 Approximate Date of when the loss occurred5 Approximate Time of when the loss occurred AM PM6 Did this Loss Occur:

In your home? Yes No In your car? Yes No In the office? Yes No Provide other location:

If yes, office location:

7 What is the current status of the computer or media? (e.g., has it been recovered?)

8 Have you requested IT Security to investigate if this computing device has been using the network after it was lost or stolen? Yes No

9 Brief Description of What Happened (e.g., lost, stolen; where/when last seen)

II Police Involvement1 Has a police report been filed? Yes No If yes, case number:2 If non Augusta University/Health law enforcement has been engaged, please include name of law enforcement

organization contact information and case number:

Missing/Lost Devices – Compromised Data Reporting Form 8/12/2009; 5/12/2015; 7/7/2016 Page 1 of 3

III

Computing Device Information

1 Device Type*** Smart Phone iPhone Blackberry Laptop Desktop Other

Operating System Macintosh Windows VersionModel ColorSerial # Asset Tag #

2 What other identifying marks/parts/peripherals?

3 Who Owns the Device or Media? AU AU Medical Center AU Medical Associates Other Please Indicate the owner:

4 Has the device been registered for AU’s Network? Yes No5 Do you have any record of the physical hardware addresses associated with the

device? Yes No

6 Do you know any recent IP addresses, hostnames or computer names that are registered or known to be recently associated with the device (e.g., 130.132.x.x or clinic.med.augusta.edu)?

Yes No

7 Is the computer enrolled with Computrace™ or any other location service?Have they been contacted?

Yes No Yes No

*** If this lost or stolen device is a phone or other hand held then please call Information Security so the data can be wiped remotely before you call your service provider and cancel the service.

IV

Data (Records) Classification

1 Does the application: create, access, receive, or process any of the following data elements?Social Security Numbers (SSN) Yes NoCredit Card Numbers Yes NoBank Account Numbers Yes NoProtected Health Information (PHI) Yes NoVeterans Administration Data Yes NoPassport Numbers Yes NoSalaries Yes NoAnimal Research Yes NoBudgets Info Yes NoEmployee Evaluation Data Yes NoStudent Data Subject to Family Education Rights and Privacy Act (FERPA) Yes No

Grades Yes NoAddresses Yes NoOther information protected by FERPA Yes No

2 If you answered Yes to anything above, give a brief description of the data:

Missing/Lost Devices – Compromised Data Reporting Form 8/12/2009; 5/12/2015; 7/7/2016 Page 2 of 3

3 What is the scale or scope of the data (e.g., large database, multiple spreadsheets, word documents, email correspondence)?

4 If there was protected health information (PHI) data, was the primary source for:Treatment, Payment, or Health Care Operations Yes NoResearch Yes No Teaching Yes NoOther purpose Yes No

5 Are there passwords stored on the device or automated logon scripts that could be used to access systems? Yes No If Yes, what systems:If Yes, have you changed your passwords? Yes No

6 Is any of the data from non-AU entities?VAMC Yes NoOther Yes No If Yes, who?

V Backup and Data Security1 Is the data backed up on the AU Health network server?

Yes No

2 Is there an IT Support Provider Yes No If Yes, then provide this individual’s name:

3 If you are not using network server backup, what backup method was used (e.g., CD, USB, or tape drive)?

4 Can we get access to the backups? Yes No If Yes, how?

5 Is your Computing Device Encrypted? Yes NoIf Yes, what is used for encryption?

6 If known, what are the directories and/or files where data containing sensitive or confidential data are potentially located on the computer?

7 If this was a hand-held mobile device, have you securely removed all data? Yes NoManually or remotely?

VI Notification1 Have you notified the Information Security Officer? Yes No2 Have you notified the Enterprise Privacy Officer? Yes No3 Have you notified your business manager or supervisor? Yes No

Your Department Business Manager/Supervisors Name:4 If the device or media was used to store human subject data, provide the:

HAC protocol number: PI’s Name/NETID:Have you contacted the IRB Committee Compliance Manager? Yes No

5 Have you entered the data and searched the National Stolen Computer Registry for your computer’s serial number? Yes No

Missing/Lost Devices – Compromised Data Reporting Form 8/12/2009; 5/12/2015; 7/7/2016 Page 3 of 3