Success Notification Overlay
Failure Notification Overlay

State Auditor's School District Data Breach Hotline

Online Reporting Form

In accordance with Sec. 162.1475, RSMo, in the event of a data breach, school districts must notify the State Auditor's Office. To fulfill this requirement, the school district's information technology/security representative should complete the form below. Upon receipt, the State Auditor's Office may contact the representative and/or other district personnel to obtain further information, as well as obtain periodic updates.

Contact Information
School Mailing Address
*Has the district already notified the Department of Elementary and Secondary Education, i.e. through their reporting form?

Please use the "Incident Description" field below to provide a narrative of the incident, including (as applicable):

  • When the incident began
  • When and how the incident was detected
  • A general summary of the cause or circumstances enabling the incident
  • The scope and scale of the incident (use estimates as needed):
    • Affected parties
    • Number of records
    • Time span of records
    • Presence of directory information versus personally identifiable information; see 34 CFR Section 99.3 as well as Section 407.1500(9), RSMo
  • The current status of the incident and activities remaining:
    • Whether the cause or circumstances enabling the incident were resolved (i.e. improvement of controls or processes to avoid repeat situations)
    • Whether external parties were notified as applicable (i.e. affected individuals/families, law enforcement)
  • Discussion of the following considerations, if applicable:
    • Has the district internally created any policies, procedures, or plans regarding security incident response and/or data breach response? These would be beyond the adoption of Missouri School Board Association policies EHBC and EHBC-AP(1). If "yes" please provide copies.
    • Did the incident involve any element of legitimacy (i.e. abuse or error by an employee in a position of trust; error in recurring practices or transmissions)?
    • Were all relevant user accounts, especially those accessible outside the district's network (i.e. home or mobile web access), disabled (locked, etc.) as necessary?
Optional Attached File(s):

Please contact for assistance or to provide additional information.